Libssh2, which is a popular open source client-side C library implementing the SSHv2 protocol, has successfully released the latest version of the software to patch a total of the nine security vulnerabilities. The library is made available for all of the major distributors of the Linux OS that includes Red Hat, Ubuntu, Debian and as well as come bundled within some distributions and the software as a library by default. According to a published advisory, all the following vulnerabilities that were patched with the release of Libssh2 version 1.8.1 lead to the memory corruption issues that could lead in the arbitrary code execution on a client system in certain circumstances.
The list of patched security vulnerabilities include:
- CVE-2019-3855: It is a possible integer overflow in the transport read that could lead to an out of bounds write.
- CVE-2019-3856: It is a possible integer overflow in the keyboard interactive handling permits an out of bounds write.
- CVE-2019-3857: It is a possible integer overflow issue leading to zero byte allocation and out of bounds write.
- CVE-2019-3858: It is a possible zero byte allocation that permits an out of bounds write.
- CVE-2019-3859: It is a possible out of bounds reads having specially crafted payloads due to the unchecked use of “_libssh2_packet_require and _libssh2_packet_requirev.”
- CVE-2019-3860: It is an out of the bounds reads having specially crafted SFTP packets leading to the Denial of Service or read data in the client memory attacks.
- CVE-2019-3861: It is an out of the bounds reads having specially crafted SSH packets which occurs when the padding length value is greater than the packet length leading to the parsing of the corrupted packet.
- CVE-2019-3862: It is an out of the bounds read issue that occurs when the server sends the especially crafted SSH_MSG_CHANNEL_REQUEST packets having an exit status message and no payload.
- CVE-2019-3863: It is an integer overflow in the user authenticated keyboard interactive allowing the out of bounds writes.