libssh2 integer overflow and out of bounds read/write vulnerabilities
Summary
Multiple integer overflow and out-of-bounds read/write vulnerabilities in the SSL VPN web-mode SSH client (which is built on libssh2) may allow an unauthenticated attacker who controls the SSH server that a web-mode user connects to, to terminate that user's SSL VPN session (denial of service) and possibly to execute arbitrary code, via specially crafted packets sent from the malicious SSH server. No SSL VPN credentials are needed; the attacker only has to get a user to open a web-mode SSH session to a server under the attacker's control.
As a precaution, the following libssh2 CVEs are covered:
* CVE-2019-3855 integer overflow in transport read when reading a specially crafted packet, allowing an out-of-bounds write
* CVE-2019-3856 integer overflow in keyboard-interactive handling if the server sends an extremely large number of prompts, allowing an out-of-bounds write
* CVE-2019-3857 integer overflow when receiving a specially crafted exit signal message channel packet, leading to a zero-byte allocation and an out-of-bounds write
* CVE-2019-3858 zero-byte allocation when reading a specially crafted SFTP packet, leading to an out-of-bounds read
* CVE-2019-3859 out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev
* CVE-2019-3860 out-of-bounds reads when processing specially crafted SFTP packets
* CVE-2019-3861 out-of-bounds reads when processing a specially crafted SSH packet
* CVE-2019-3862 out-of-bounds read when receiving a specially crafted exit status message channel packet
* CVE-2019-3863 integer overflow in userauth_keyboard_interactive with a number of extremely long prompt strings, allowing out-of-bounds writes
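The common root cause of the entries above is a count or length taken from a server-controlled packet and used to size a buffer, or to index into one, before it is checked against the bytes actually present. The following C program is an added illustration of that bug class and its fix; it is not libssh2's code and not the client implementation in the SSL VPN. It assumes a simplified keyboard-interactive info-request layout (a uint32 prompt count, then for each prompt a uint32 length, the prompt text and an echo byte); the real SSH_MSG_USERAUTH_INFO_REQUEST carries additional fields that are omitted here. The unchecked size computation is shown on its own, so the program runs without undefined behaviour; the hardened parser then rejects the same crafted inputs, including an oversized prompt count (as in CVE-2019-3856) and an oversized prompt length (as in CVE-2019-3863), while still accepting a legitimate zero-length prompt.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not libssh2 or FortiOS code. Assumed simplified layout:
 *   uint32 num_prompts, then num_prompts x { uint32 len, len bytes of text, byte echo } */

typedef struct {
    uint32_t off;   /* offset of the prompt text inside the message */
    uint32_t len;   /* length of the prompt text */
    uint8_t  echo;  /* nonzero if the client may echo the user's answer */
} prompt_t;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the count from the wire is multiplied in 32 bits to size
 * a buffer. A count such as 0x40000001 wraps the product to a single record, so a
 * loop that then fills num_prompts records writes far past the allocation.
 * Only the size computation is reproduced; the resulting write is what the
 * keyboard-interactive CVEs describe. */
uint32_t unchecked_alloc_size(uint32_t num_prompts) {
    return num_prompts * (uint32_t)sizeof(prompt_t);
}

/* Hardened parser: every count and length is bounded by the bytes remaining in
 * the message before it is used, so neither an oversized count nor an oversized
 * string length can reach an allocation or a copy.
 * Returns the number of prompts parsed, or -1 if the message is malformed. */
int parse_info_request(const uint8_t *msg, size_t msg_len,
                       prompt_t *out, size_t out_cap) {
    size_t pos = 0;
    if (msg_len < 4)
        return -1;
    uint32_t num_prompts = be32(msg);
    pos = 4;

    /* Each prompt occupies at least 5 bytes (4-byte length + echo byte), so a
     * count above remaining/5 cannot be satisfied by this message. Bounding the
     * count here also keeps any later num_prompts * sizeof(prompt_t) from wrapping. */
    if (num_prompts > (msg_len - pos) / 5 || num_prompts > out_cap)
        return -1;

    for (uint32_t i = 0; i < num_prompts; i++) {
        if (msg_len - pos < 4)
            return -1;
        uint32_t len = be32(msg + pos);
        pos += 4;
        /* the text plus the trailing echo byte must fit in what is left */
        if (msg_len - pos < 1 || len > msg_len - pos - 1)
            return -1;
        out[i].off = (uint32_t)pos;
        out[i].len = len;          /* a zero-length prompt is legitimate and safe here */
        pos += len;
        out[i].echo = msg[pos];
        pos += 1;
    }
    return (int)num_prompts;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t GOOD_MSG[] = {
    0x00,0x00,0x00,0x02,
    0x00,0x00,0x00,0x0A, 'P','a','s','s','w','o','r','d',':',' ', 0x00,
    0x00,0x00,0x00,0x05, 'P','I','N',':',' ', 0x01
};
/* count 0x40000001: the unchecked size wraps; the checked parser rejects it */
static const uint8_t HUGE_COUNT_MSG[] = { 0x40,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,0x00 };
/* one prompt claiming a 0xFFFFFFF0-byte string with only two bytes present */
static const uint8_t LONG_STRING_MSG[] = { 0x00,0x00,0x00,0x01, 0xFF,0xFF,0xFF,0xF0, 'a','b', 0x00 };
/* one empty prompt: must be accepted, not turned into a zero-byte allocation bug */
static const uint8_t EMPTY_PROMPT_MSG[] = { 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00, 0x00 };

/* Parses one message into a fixed local table and returns the parser's result. */
int demo_parse(const uint8_t *msg, size_t msg_len) {
    prompt_t table[8];
    return parse_info_request(msg, msg_len, table, 8);
}

int main(void) {
    printf("unchecked size for count 0x40000001: %u bytes\n",
           unchecked_alloc_size(0x40000001u));
    printf("good message: %d prompts\n", demo_parse(GOOD_MSG, sizeof GOOD_MSG));
    printf("huge count: %d, long string: %d, empty prompt: %d\n",
           demo_parse(HUGE_COUNT_MSG, sizeof HUGE_COUNT_MSG),
           demo_parse(LONG_STRING_MSG, sizeof LONG_STRING_MSG),
           demo_parse(EMPTY_PROMPT_MSG, sizeof EMPTY_PROMPT_MSG));
    return 0;
}
```

The design point is that the parser works on offsets into the received message and never allocates or copies based on a wire value until that value has been compared with the bytes still unread; that single discipline covers the overflow, the oversized-length and the zero-length cases listed above.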