1852 matches found
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh. The API function sshgethexa is vulnerable to a denial-of-service attack when processing zero-length inputs. This vulnerability can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication, if the...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh. A remote attacker, by controlling client configuration files or the knownhosts files, could create specific hostnames that, when processed by the matchpattern function, could lead to inefficient regular expression backtracking. This could cause timeouts and resour...
Astra Linux – Vulnerability in curl
When performing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl may still mistakenly accept connections to hosts that are not present in the specified file, if those hosts are added as recognized in the libssh global knownhosts file...
Astra Linux – Vulnerability in libssh
A malicious SCP server can send unexpected commands that may cause the client application to override local files outside of the working directory. This could be exploited to create malicious executable or configuration files, causing the user to execute them with specific consequences. This is t...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh, where a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed ‘longname’ field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond the allocated memory on the heap. Thi...
Astra Linux – Vulnerability in libssh
A vulnerability has been identified in libssh up to version 0.11.3. The affected element is the function sftpextensionsgetname/sftpextensionsgetdata in the file src/sftp.c of the SFTP Extension Name Handler component. Performing operations on the argument idx can lead to out-of-bounds read...
Astra Linux – Vulnerability in libssh
A flaw was discovered in the abstract layer of the libssh library responsible for message digest MD operations, which is implemented by different supported crypto backends. The return values from these operations were not properly checked, which could lead to low-memory situations, NULL...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh. By using the ProxyCommand or ProxyJump feature, users can exploit unvalidated hostname syntax on the client side. This issue may allow an attacker to inject malicious code into the commands related to these features via the hostname parameter...
Astra Linux – Vulnerability in libssh
A NULL pointer dereference was detected in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...
Astra Linux – Vulnerability in libssh
A flaw was discovered in the libssh API function sshscpnew, in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a path provided by the user, is executed on the server side. If the library is used in a way that allows user...
Photon OS 5.0: Libssh PHSA-2026-5.0-0782
An update of the libssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0782. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
libssh: Incorrect Return Code Handling in ssh_kdf() in libssh
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
Moderate: Red Hat Security Advisory: libssh security update
An update for libssh is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
RHEL 8 : libssh (RHSA-2026:25911)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25911 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect...
Updated libssh packages fix security vulnerabilities
CVE-2026-0964 Improper sanitation of paths received from SCP servers CVE-2026-0965 The libssh can attempt to read non-regular files when misconfigured, which could cause resource exhaustion or blocking. CVE-2026-0966 Providing 0-length input for the sshgethexa causes 1-byte buffer underflow on...
EulerOS Virtualization 2.13.1 : libssh (EulerOS-SA-2026-2376)
According to the versions of the libssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...
EulerOS Virtualization 2.13.0 : libssh (EulerOS-SA-2026-2405)
According to the versions of the libssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...
Updated libssh packages fix security vulnerabilities
CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...
EulerOS 2.0 SP13 : libssh (EulerOS-SA-2026-2299)
According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the fil...
EulerOS 2.0 SP13 : libssh (EulerOS-SA-2026-2342)
According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the fil...