1859 matches found
Astra Linux – Vulnerability in libssh
A malicious SCP server can send unexpected commands that may cause the client application to override local files outside of the working directory. This could be exploited to create malicious executable or configuration files, causing the user to execute them with specific consequences. This is t...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh, where a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed ‘longname’ field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond the allocated memory on the heap. Thi...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could create specific hostnames that, when processed by the matchpattern function, could lead to inefficient regular expression backtracking. This could cause timeouts and resource...
Astra Linux – Vulnerability in curl
When performing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl may still mistakenly accept connections to hosts that are not present in the specified file, if those hosts are added as recognized in the libssh global knownhosts file...
Astra Linux – Vulnerability in libssh
A vulnerability has been identified in libssh up to version 0.11.3. The affected element is the function sftpextensionsgetname/sftpextensionsgetdata in the file src/sftp.c of the SFTP Extension Name Handler component. Performing operations on the argument idx can lead to out-of-bounds read...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh. The API function sshgethexa is vulnerable to a denial-of-service attack when processing zero-length inputs. This vulnerability can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication, if the...
Photon OS 5.0: Libssh PHSA-2026-5.0-0782
An update of the libssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0782. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
libssh: Incorrect Return Code Handling in ssh_kdf() in libssh
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
Moderate: Red Hat Security Advisory: libssh security update
An update for libssh is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
RHEL 8 : libssh (RHSA-2026:25911)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25911 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect...
Updated libssh packages fix security vulnerabilities
CVE-2026-0964 Improper sanitation of paths received from SCP servers CVE-2026-0965 The libssh can attempt to read non-regular files when misconfigured, which could cause resource exhaustion or blocking. CVE-2026-0966 Providing 0-length input for the sshgethexa causes 1-byte buffer underflow on...
EulerOS Virtualization 2.13.0 : libssh (EulerOS-SA-2026-2405)
According to the versions of the libssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...
EulerOS Virtualization 2.13.1 : libssh (EulerOS-SA-2026-2376)
According to the versions of the libssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...
Updated libssh packages fix security vulnerabilities
CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...
EulerOS 2.0 SP13 : libssh (EulerOS-SA-2026-2342)
According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the fil...
EulerOS 2.0 SP13 : libssh (EulerOS-SA-2026-2299)
According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the fil...
EulerOS 2.0 SP11 : libssh (EulerOS-SA-2026-2214)
According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in...
RHSA-2026:24349 Red Hat Security Advisory: libssh security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: libssh security update
An update for libssh is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...
Amazon Linux 2023 : libssh, libssh-config, libssh-devel (ALAS2023-2026-1759)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1759 advisory. A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name...