
Integer overflow flaw discovered in libssh2 before 1.8.1 - swills
https://nvd.nist.gov/vuln/detail/CVE-2019-3855
======
WestCoastJustin
TL/DR for anyone else looking for context.

> A malicious server could send a specially crafted packet which could result
> in an unchecked integer overflow. The value would then be used to allocate
> memory causing a possible memory write out of bounds error (CWE-130). [1]

Maybe now we can put a stop to all these ssh bots crawling the internet. Just
set up a malicious ssh server ;). This CVE was part of a larger release of nine
separate security advisories concerning libssh2 [2].

[1] https://www.libssh2.org/CVE-2019-3855.html

[2] https://www.openwall.com/lists/oss-security/2019/03/18/3
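
The bug class in the advisory quote above, as an added example that is not part of the original comment and is not libssh2's code: a server-supplied 32-bit length whose sum with a fixed overhead wraps to a tiny allocation size, next to a checked version. The function names, the 32-byte overhead and the `MAX_PACKET_LEN` cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed cap for this sketch; a real client takes its limit from its protocol rules. */
#define MAX_PACKET_LEN 40000u

/* Read a 4-byte big-endian length field as sent by the (untrusted) server. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked: the 32-bit sum wraps, so a huge length yields a tiny allocation size. */
static uint32_t alloc_size_unchecked(uint32_t wire_len, uint32_t overhead)
{
    return wire_len + overhead;
}

/* Checked: reject lengths over the cap and sums that cannot be represented.
   Returns 0 and stores the size on success, -1 if the packet must be dropped. */
static int alloc_size_checked(uint32_t wire_len, uint32_t overhead, size_t *out)
{
    if (wire_len == 0 || wire_len > MAX_PACKET_LEN)
        return -1;
    if (overhead > UINT32_MAX - wire_len)
        return -1;
    *out = (size_t)wire_len + overhead;
    return 0;
}

int main(void)
{
    /* Constructed sample headers, not captured traffic. */
    const unsigned char hostile[4] = { 0xff, 0xff, 0xff, 0xf0 };
    const unsigned char normal[4]  = { 0x00, 0x00, 0x01, 0x00 };
    size_t n = 0;
    int rc;

    printf("unchecked size for hostile length: %u\n",
           (unsigned)alloc_size_unchecked(read_be32(hostile), 32));
    rc = alloc_size_checked(read_be32(hostile), 32, &n);
    printf("checked hostile: %d\n", rc);
    rc = alloc_size_checked(read_be32(normal), 32, &n);
    printf("checked normal:  %d (size %zu)\n", rc, n);
    return 0;
}
```

A buffer sized from the unchecked result is far smaller than the length the parser goes on to trust, which is how the later write lands out of bounds.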

~~~
landr0id
All of the CVEs give credit to "Chris Coulson of Canonical Ltd.". Nice job
Chris. Looks like they've probably developed a fuzzer targeting client packet
handling. I wouldn't be surprised if we see more bugs pop up as a result of
this attention.

~~~
dsl
Bugs coming out of Canonical and Red Hat are usually the result of customer
issues. When I worked for a big company we reported the things we found to Red
Hat as part of our enterprise support and they investigated and disclosed to
the author.

------
w8rbt
SSH Brute force bots... beware ;)

