CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

Published: Dec 11, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-14889
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
libssh / libssh	-	0.8.8
libssh / libssh	0.9.0	0.9.3
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	19.04	19.04.x
canonical / ubuntu_linux	19.10	19.10.x
opensuse / leap	15.1	15.1.x
fedoraproject / fedora	30	30.x
fedoraproject / fedora	31	31.x
debian / debian_linux	8.0	8.0.x
oracle / mysql_workbench	-	8.0.19.x

Vulnerability Database

289,599

CVE-2019-14889