Out of Bounds Read Vulnerability in libssh2 Allows Remote Code Execution and Data Leakage

Out of Bounds Read Vulnerability in libssh2 Allows Remote Code Execution and Data Leakage

CVE-2019-3858 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:P

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Learn more about our Cis Benchmark Audit For Server Software.