Libssh
CVE-2019-14889
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.
AnalysisAI
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. Affected products include: Libssh, Canonical Ubuntu Linux, Opensuse Leap, Fedoraproject Fedora, Debian Debian Linux. Version information: before 0.9.3.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. Rated critical severity
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. Rated medium severity (CVSS
Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or
Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly
Cryptographic key derivation failure in libssh versions prior to 0.11.2 (when built against OpenSSL older than 3.0) can
CVE-2025-5318 is an out-of-bounds read vulnerability in libssh versions before 0.11.2 caused by an incorrect comparison
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library.
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not proper
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in cha
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-he
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today