VulnerableCode Package Details - pkg:apk/alpine/libssh2@1.8.1-r0?arch=x86&distroversion=edge&reponame=main

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-97nz-s1q6-x3fc	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	CVE-2019-3861
VCID-bcba-qntz-gkez	Out-of-bounds Write A flaw was found in libssh2 A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out-of-bounds memory write error.	CVE-2019-3863
VCID-f1me-9vqd-j7f6	Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.	CVE-2019-3855
VCID-gv2u-298u-jkcv	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	CVE-2019-3859
VCID-k1js-k8q3-ekb2	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	CVE-2019-3860
VCID-mevw-g6yq-eqa8	Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.	CVE-2019-3857
VCID-qjzc-2hvn-2qg3	Out-of-bounds Write An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.	CVE-2019-3856
VCID-rv81-jwkz-w7b5	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	CVE-2019-3858
VCID-sy5b-nfqk-6ucm	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	CVE-2019-3862

Vulnerability

Summary

Aliases

VCID-97nz-s1q6-x3fc

Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVE-2019-3861

VCID-bcba-qntz-gkez

Out-of-bounds Write A flaw was found in libssh2 A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out-of-bounds memory write error.

CVE-2019-3863

VCID-f1me-9vqd-j7f6

Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3855

VCID-gv2u-298u-jkcv

Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVE-2019-3859

VCID-k1js-k8q3-ekb2

Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVE-2019-3860

VCID-mevw-g6yq-eqa8

Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3857

VCID-qjzc-2hvn-2qg3

Out-of-bounds Write An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3856

VCID-rv81-jwkz-w7b5

Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVE-2019-3858

VCID-sy5b-nfqk-6ucm

Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVE-2019-3862

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-07T13:57:54.691166+00:00	Alpine Linux Importer	Fixing	VCID-mevw-g6yq-eqa8	https://secdb.alpinelinux.org/edge/main.json	38.1.0
2026-04-03T17:57:01.797660+00:00	Alpine Linux Importer	Fixing	VCID-qjzc-2hvn-2qg3	https://secdb.alpinelinux.org/edge/main.json	38.1.0
2026-04-03T17:52:56.666789+00:00	Alpine Linux Importer	Fixing	VCID-gv2u-298u-jkcv	https://secdb.alpinelinux.org/edge/main.json	38.1.0
2026-04-03T17:44:12.296184+00:00	Alpine Linux Importer	Fixing	VCID-k1js-k8q3-ekb2	https://secdb.alpinelinux.org/edge/main.json	38.1.0
2026-04-01T19:24:50.125454+00:00	Alpine Linux Importer	Fixing	VCID-sy5b-nfqk-6ucm	https://secdb.alpinelinux.org/edge/main.json	38.0.0
2026-04-01T19:05:33.613293+00:00	Alpine Linux Importer	Fixing	VCID-f1me-9vqd-j7f6	https://secdb.alpinelinux.org/edge/main.json	38.0.0
2026-04-01T19:04:57.084359+00:00	Alpine Linux Importer	Fixing	VCID-97nz-s1q6-x3fc	https://secdb.alpinelinux.org/edge/main.json	38.0.0
2026-04-01T18:49:23.135143+00:00	Alpine Linux Importer	Fixing	VCID-rv81-jwkz-w7b5	https://secdb.alpinelinux.org/edge/main.json	38.0.0
2026-04-01T18:48:21.930530+00:00	Alpine Linux Importer	Fixing	VCID-bcba-qntz-gkez	https://secdb.alpinelinux.org/edge/main.json	38.0.0