CVE
CVE-2019-3860
| CVE ID |
CVE-2019-3860
|
|---|---|
| CVSS Score |
9.1
|
| Operating System | |
| Affected Versions |
CentOS 7
|
| Patched Versions |
1.8.0-4_ol003.el7_9.1
|
| Patch Date |
|
Additional Information
NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2019-3860
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Note: Red Hat has scored this vulnerability as 5.0 (Medium), based on distribution-specific mitigations