CVE-2019-3860 (debian_linux, libssh2)

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Source: NIST
CVE-2019-3860 (debian_linux, libssh2)