VulnerableCode Package Details - pkg:rpm/redhat/libssh2@1.4.3-11.el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-bcba-qntz-gkez Aliases: CVE-2019-3863	Out-of-bounds Write A flaw was found in libssh2 A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out-of-bounds memory write error.	There are no reported fixed by versions.
VCID-f1me-9vqd-j7f6 Aliases: CVE-2019-3855	Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.	There are no reported fixed by versions.
VCID-mevw-g6yq-eqa8 Aliases: CVE-2019-3857	Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.	There are no reported fixed by versions.
VCID-qjzc-2hvn-2qg3 Aliases: CVE-2019-3856	Out-of-bounds Write An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-bcba-qntz-gkez
Aliases:
CVE-2019-3863

Out-of-bounds Write A flaw was found in libssh2 A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out-of-bounds memory write error.

There are no reported fixed by versions.

VCID-f1me-9vqd-j7f6
Aliases:
CVE-2019-3855

Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

There are no reported fixed by versions.

VCID-mevw-g6yq-eqa8
Aliases:
CVE-2019-3857

Out-of-bounds Write An integer overflow flaw which could lead to an out-of-bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

There are no reported fixed by versions.

VCID-qjzc-2hvn-2qg3
Aliases:
CVE-2019-3856

Out-of-bounds Write An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:20:46.751285+00:00	RedHat Importer	Affected by	VCID-bcba-qntz-gkez	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3863.json	38.0.0
2026-04-01T14:20:46.510442+00:00	RedHat Importer	Affected by	VCID-mevw-g6yq-eqa8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3857.json	38.0.0
2026-04-01T14:20:46.376233+00:00	RedHat Importer	Affected by	VCID-qjzc-2hvn-2qg3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3856.json	38.0.0
2026-04-01T14:20:46.237910+00:00	RedHat Importer	Affected by	VCID-f1me-9vqd-j7f6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3855.json	38.0.0