What is CVE-2019-6111?

CVE-2019-6111 is a vulnerability in N/a. Published 2019-01-31.

Is CVE-2019-6111 known to be exploited?

41 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-6111

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object na…

EPSS: 0.542 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

DSA-4387 (vendor-advisory)
security.netapp.com/advisory/ntap-20190213-0001/
106741 (vdb-entry)
cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
USN-3885-1 (vendor-advisory)
USN-3885-2 (vendor-advisory)
bugzilla.redhat.com/show_bug.cgi
sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
46193 (exploit)
GLSA-201903-16 (vendor-advisory)

Frequently asked questions

What is CVE-2019-6111?: CVE-2019-6111 is a vulnerability in N/a. Published 2019-01-31.
Is CVE-2019-6111 known to be exploited?: 41 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.