VulnerableCode Package Details - pkg:nuget/libssh2-vc141

Search for packages

Vulnerability	Summary	Fixed by
VCID-grd5-zwxv-cqfw Aliases: CVE-2019-17498	libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c	There are no reported fixed by versions.
VCID-jp7j-dwbq-zkgk Aliases: CVE-2019-13115	libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-grd5-zwxv-cqfw
Aliases:
CVE-2019-17498

libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c

There are no reported fixed by versions.

VCID-jp7j-dwbq-zkgk
Aliases:
CVE-2019-13115

libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-97nz-s1q6-x3fc	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	CVE-2019-3861
VCID-bcba-qntz-gkez	Out-of-bounds Write A flaw was found in libssh2 A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out-of-bounds memory write error.	CVE-2019-3863
VCID-chdt-29cx-dyas	Improper Input Validation The kex_agree_methods function in libssh2 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.	CVE-2015-1782
VCID-cmy6-8sjv-n3h1	Exposure of Sensitive Information to an Unauthorized Actor The diffie_hellman_sha256 function in kex.c in libssh2 improperly truncates secrets to bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."	CVE-2016-0787
VCID-f1me-9vqd-j7f6	Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.	CVE-2019-3855
VCID-gv2u-298u-jkcv	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	CVE-2019-3859
VCID-k1js-k8q3-ekb2	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	CVE-2019-3860
VCID-mevw-g6yq-eqa8	Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.	CVE-2019-3857
VCID-qjzc-2hvn-2qg3	Out-of-bounds Write An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.	CVE-2019-3856
VCID-rv81-jwkz-w7b5	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	CVE-2019-3858
VCID-sy5b-nfqk-6ucm	Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.	CVE-2019-3862

Vulnerability

Summary

Aliases

VCID-97nz-s1q6-x3fc

Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVE-2019-3861

VCID-bcba-qntz-gkez

Out-of-bounds Write A flaw was found in libssh2 A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out-of-bounds memory write error.

CVE-2019-3863

VCID-chdt-29cx-dyas

Improper Input Validation The kex_agree_methods function in libssh2 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.

CVE-2015-1782

VCID-cmy6-8sjv-n3h1

Exposure of Sensitive Information to an Unauthorized Actor The diffie_hellman_sha256 function in kex.c in libssh2 improperly truncates secrets to bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

CVE-2016-0787

VCID-f1me-9vqd-j7f6

Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3855

VCID-gv2u-298u-jkcv

Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVE-2019-3859

VCID-k1js-k8q3-ekb2

Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVE-2019-3860

VCID-mevw-g6yq-eqa8

Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3857

VCID-qjzc-2hvn-2qg3

Out-of-bounds Write An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3856

VCID-rv81-jwkz-w7b5

Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVE-2019-3858

VCID-sy5b-nfqk-6ucm

Out-of-bounds Read An out-of-bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

CVE-2019-3862

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:58:11.703347+00:00	GitLab Importer	Affected by	VCID-grd5-zwxv-cqfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-17498.yml	38.4.0
2026-04-16T20:56:11.928113+00:00	GitLab Importer	Affected by	VCID-jp7j-dwbq-zkgk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-13115.yml	38.4.0
2026-04-11T22:09:18.961878+00:00	GitLab Importer	Affected by	VCID-grd5-zwxv-cqfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-17498.yml	38.3.0
2026-04-11T22:07:12.479642+00:00	GitLab Importer	Affected by	VCID-jp7j-dwbq-zkgk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-13115.yml	38.3.0
2026-04-02T22:21:57.012803+00:00	GitLab Importer	Affected by	VCID-grd5-zwxv-cqfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-17498.yml	38.1.0
2026-04-02T22:19:59.765110+00:00	GitLab Importer	Affected by	VCID-jp7j-dwbq-zkgk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-13115.yml	38.1.0
2026-04-01T16:39:42.382531+00:00	GitLab Importer	Affected by	VCID-grd5-zwxv-cqfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-17498.yml	38.0.0
2026-04-01T16:37:45.115215+00:00	GitLab Importer	Affected by	VCID-jp7j-dwbq-zkgk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-13115.yml	38.0.0
2026-04-01T12:48:22.421702+00:00	GitLab Importer	Fixing	VCID-k1js-k8q3-ekb2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3860.yml	38.0.0
2026-04-01T12:48:22.088712+00:00	GitLab Importer	Fixing	VCID-bcba-qntz-gkez	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3863.yml	38.0.0
2026-04-01T12:48:22.070462+00:00	GitLab Importer	Fixing	VCID-mevw-g6yq-eqa8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3857.yml	38.0.0
2026-04-01T12:48:22.051360+00:00	GitLab Importer	Fixing	VCID-qjzc-2hvn-2qg3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3856.yml	38.0.0
2026-04-01T12:48:21.962287+00:00	GitLab Importer	Fixing	VCID-97nz-s1q6-x3fc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3861.yml	38.0.0
2026-04-01T12:48:21.684769+00:00	GitLab Importer	Fixing	VCID-rv81-jwkz-w7b5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3858.yml	38.0.0
2026-04-01T12:48:21.672198+00:00	GitLab Importer	Fixing	VCID-f1me-9vqd-j7f6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3855.yml	38.0.0
2026-04-01T12:48:21.626553+00:00	GitLab Importer	Fixing	VCID-gv2u-298u-jkcv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3859.yml	38.0.0
2026-04-01T12:48:21.595035+00:00	GitLab Importer	Fixing	VCID-sy5b-nfqk-6ucm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2019-3862.yml	38.0.0
2026-04-01T12:47:02.514796+00:00	GitLab Importer	Fixing	VCID-cmy6-8sjv-n3h1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2016-0787.yml	38.0.0
2026-04-01T12:46:56.508238+00:00	GitLab Importer	Fixing	VCID-chdt-29cx-dyas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libssh2-vc141_xp/CVE-2015-1782.yml	38.0.0