CVE-2019-3863

7.5 HIGH

Published: March 25, 2019 Modified: December 19, 2025

Description

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0679

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1175

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2019:1652

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2019:1791

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2019:1943

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2019:2399

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863

Source: secalert@redhat.com

Issue Tracking Patch Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html

Source: secalert@redhat.com

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/

Source: secalert@redhat.com

https://seclists.org/bugtraq/2019/Apr/25

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20190327-0005/

Source: secalert@redhat.com

Third Party Advisory

https://www.debian.org/security/2019/dsa-4431

Source: secalert@redhat.com

https://www.libssh2.org/CVE-2019-3863.html

Source: secalert@redhat.com

Patch Vendor Advisory

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0679

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1175

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:1652

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:1791

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:1943

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:2399

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking Patch Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Apr/25

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20190327-0005/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2019/dsa-4431

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.libssh2.org/CVE-2019-3863.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: af854a3a-2127-422b-91ae-364da2661108

32 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.5 / 10.0

EPSS (Exploit Probability)

8.8%

92th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-190 CWE-787 CWE-787

Affected Vendors

redhat debian libssh2 netapp opensuse

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3