{"id":"CVE-2019-14889","details":"A flaw was found in the libssh API function ssh_scp_new() in versions before 0.8.8 and in 0.9.x versions before 0.9.3. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server side. If the library is used in a way that lets users influence the third parameter of the function, an attacker could inject arbitrary commands, leading to a compromise of the remote target.","modified":"2026-04-09T06:30:34.995836Z","published":"2019-12-10T23:15:10.580Z","related":["MGASA-2019-0402","SUSE-SU-2019:3267-1","SUSE-SU-2019:3293-1","SUSE-SU-2019:3307-1","SUSE-SU-2019:3308-1","SUSE-SU-2020:0129-1","SUSE-SU-2020:0130-1","SUSE-SU-2020:0131-1","SUSE-SU-2020:0139-1","SUSE-SU-2024:0525-1","SUSE-SU-2024:0539-1","openSUSE-SU-2019:2689-1","openSUSE-SU-2020:0102-1","openSUSE-SU-2024:10998-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00029.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JJWJTXVWLLJTVHBPGWL7472S5FWXYQR/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00020.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00033.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-27"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4219-1/"},{"type":"ADVISORY","url":"https://www.libssh.org/security/advisories/CVE-2019-14889.txt"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14889"}],"a
ffected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/libssh/libssh-mirror","events":[{"introduced":"0"},{"fixed":"7850307210590a9a1b03ab0273d29b3926a974c5"},{"introduced":"79900e5246da9a1712d8822a53aaf5fd0abc6f40"},{"fixed":"64ce53fdbacb4a1a75c3f5e5e8b3624da7570226"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.8.8"},{"introduced":"0.9.0"},{"fixed":"0.9.3"}]}}],"versions":["libssh-0.8.0","libssh-0.8.1","libssh-0.8.2","libssh-0.8.3","libssh-0.8.4","libssh-0.8.5","libssh-0.8.6","libssh-0.8.7","libssh-0.9.0","libssh-0.9.1","libssh-0.9.2","release-0-3-0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.19"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14889.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}