ASA-2019-00144 – libssh2: Possible integer overflow in keyboard interactive handling allows out-of-bounds write

A server could send a value approaching unsigned int max number of keyboard prompt requests which could result in an unchecked integer overflow. The value would then be used to allocate memory causing a possible memory write out of bounds error (CWE-130).