FreeBSD : libssh2 -- multiple issues (6e58e1e9-2636-413e-9f84-4c0e21143628)

high Nessus Plugin ID 124182



The remote FreeBSD host is missing one or more security-related updates.


libssh2 developers report:

- Defend against possible integer overflows in comp_method_zlib_decomp.

- Defend against writing beyond the end of the payload in

- Sanitize padding_length - _libssh2_transport_read(). This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.

- Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.

- Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.

- Add a required_size parameter to sftp_packet_require et al. to require callers of these functions to handle packets that are too short.

- Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add().


Update the affected packages.

Plugin Details

Severity: High

ID: 124182

File Name: freebsd_pkg_6e58e1e92636413e9f844c0e21143628.nasl

Version: 1.4

Type: local

Published: 4/19/2019

Updated: 1/23/2020

Risk Information

CVSS Score Source: CVE-2019-3855


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C


Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libssh2, p-cpe:/a:freebsd:freebsd:linux-c6-libssh2, p-cpe:/a:freebsd:freebsd:linux-c7-libssh2, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 4/18/2019

Vulnerability Publication Date: 3/14/2019

Reference Information

CVE: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863