CVE-2019-3855

Priority
Description
An integer overflow flaw that could lead to an out-of-bounds write was
discovered in libssh2 before 1.8.1 in the way packets are read from the
server. A remote attacker who compromises an SSH server may be able to
execute code on the client system when a user connects to the server.
Ubuntu-Description
It was discovered that libssh2 mishandled certain input. If libssh2 were used
to connect to a malicious or compromised SSH server, a remote, unauthenticated
attacker could execute arbitrary code on the client system.
Assigned-to
leosilva
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 20.04 LTS (Focal Fossa): not-affected (1.8.0-2.1)
Ubuntu 20.10 (Groovy Gorilla): not-affected (1.8.0-2.1)
More Information

Updated: 2020-10-28 16:48:54 UTC (commit 61c466688be673cb43da2af6d4295f1a01fd7ad1)