VulnerableCode Package Details - pkg:nuget/libssh2-vc141_xp@1.8.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:nuget/libssh2-vc141_xp@1.8.0

Essentials
History (3)

purl	pkg:nuget/libssh2-vc141_xp@1.8.0
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-97nz-s1q6-x3fc Aliases: CVE-2019-3861	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	1.8.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-k1js-k8q3-ekb2 Aliases: CVE-2019-3860	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	1.8.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mevw-g6yq-eqa8 Aliases: CVE-2019-3857	Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.	1.8.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:48:22.420151+00:00	GitLab Importer	Affected by	VCID-k1js-k8q3-ekb2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3860.yml	38.0.0
2026-04-01T12:48:22.068811+00:00	GitLab Importer	Affected by	VCID-mevw-g6yq-eqa8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3857.yml	38.0.0
2026-04-01T12:48:21.960346+00:00	GitLab Importer	Affected by	VCID-97nz-s1q6-x3fc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3861.yml	38.0.0