H3C Security Vulnerability-libssh2 input validation error - CVE-2019-3855
04-02-2021
【Summary】
Libssh2 is a client C library that implements the SSH2 protocol. It can execute remote commands, transfer files, and provide secure transport channels for remote programs. An integer overflow flaw that could lead to an out-of-bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
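An added illustration of the bug class named above, not libssh2's code and not from H3C: a peer-supplied 32-bit length plus a fixed overhead wraps around unless the length is bounded before the arithmetic. The function names, the `MAX_PACKET_LEN` cap and the sample header bytes are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_PACKET_LEN 35000u /* assumed upper bound for this sketch */

/* Decode the 4-byte big-endian length field that starts a packet. */
uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked pattern: the sum wraps modulo 2^32, so the buffer size can end
 * up far smaller than the length later used when filling the buffer. */
uint32_t total_unchecked(uint32_t packet_len, uint32_t mac_len)
{
    return packet_len + mac_len;
}

/* Checked pattern: bound the peer-supplied length before any arithmetic.
 * Returns 0 and stores the size in *total, or -1 to reject the packet. */
int total_checked(uint32_t packet_len, uint32_t mac_len, uint32_t *total)
{
    if (packet_len < 1 || packet_len > MAX_PACKET_LEN)
        return -1;
    if (mac_len > UINT32_MAX - packet_len)
        return -1;
    *total = packet_len + mac_len;
    return 0;
}

int main(void)
{
    /* Constructed header bytes: a length field close to UINT32_MAX. */
    const unsigned char hdr[4] = { 0xFF, 0xFF, 0xFF, 0xF0 };
    uint32_t len = read_be32(hdr), total = 0;

    printf("claimed length : %u\n", (unsigned)len);
    printf("unchecked total: %u\n", (unsigned)total_unchecked(len, 32));
    printf("checked result : %d\n", total_checked(len, 32, &total));
    return 0;
}
```

A client that rejects the packet at the bounds check never reaches the allocation, which is why the length from the server has to be treated as untrusted input.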
【Impact】
A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
【Software Versions and Fixes】
Product Name | Affected Version | Resolved Product and Version |
H3Cloud CMP | All | TBR before 2020.01.30 |
H3Cloud OS | All | TBR before 2020.01.30 |
Wireless AC/AP_B64D029SP | All | TBC Jan, 2020 |
S5560HI | All | TBC Jan, 2020 |
H3C S5560X | All | TBR before 2020.01.31 |
H3C S6520X | All | TBR before 2020.01.31 |
H3C S3100V3 | All | TBR before 2020.01.31 |
CR19000/CR16000-X | All | TBC Jan, 2020 |
S6520XE | All | TBC Jan, 2020 |
S5130HI | All | TBC Jan, 2020 |
S10500(V7)_R75xx | All | TBC Jan, 2020 |
S5130SEI | All | TBR before 2020.01.31 |
F5080/F5080-D | All | TBR before 2020.01.30 |
MSR95X/MSR1000/2000/3000/4000(V7) | All | TBC Jan, 2020 |
6125XLG Blade Switch | All | TBC Jan, 2020 |
6127XLG Blade Switch | All | TBC Jan, 2020 |
S9820 | All | TBC Jan, 2020 |
S10500(V7)_R71xx | All | TBC Jan, 2020 |
S5800EI | All | TBC Jan, 2020 |
88x/CR16K_B75 | All | TBC Jan, 2020 |
S12500 (V7) | All | TBC Jan, 2020 |
S9850/S6850 | All | TBC Jan, 2020 |
S5510HI_B45 | All | TBC Jan, 2020 |
T5080 | All | TBR before 2020.01.30 |
S7500(V7)_R71xx | All | TBC Jan, 2020 |
【Temporary Fix】
None
【Revision History】
2019-12-13 V1.0 INITIAL
H3C advocates that every effort be made to safeguard the ultimate interests of product users, to abide by principles of responsible disclosure of security incidents, and to handle product security issues in accordance with security issues mechanisms. For information on H3C's security emergency response service and H3C product vulnerabilities, please visit https://www.h3c.com/en/Support/Online_Help/psirt/.