852 matches found
The vulnerabilities in libssh2 are addressed through libssh.
LibSSH has vulnerabilities in libssh2, including versions up to 1.11.1. The first vulnerability involves a denial-of-service attack during the pre-authentication phase, within the SSHMSGEXTINFO handler. A malicious SSH server can send a specially constructed extensioncount value, causing the clie...
CVE-2026-55199
A vulnerability in libssh2 allows a malicious SSH server to freeze connected clients during the handshake process. By sending a malformed packet, the server triggers a loop that exhausts the client's CPU, resulting in a denial of service. Mitigation To mitigate this issue, ensure your libssh2...
CVE-2026-55200
An out-of-bounds write vulnerability exists in the libssh2 client. A remote attacker can exploit this by sending a specially crafted SSH packet with an abnormally large length value. This corrupts the application's memory and can potentially allow the attacker to execute arbitrary code on the...
SUSE CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
Linux Distros Unpatched Vulnerability : CVE-2025-15661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a...
Linux Distros Unpatched Vulnerability : CVE-2026-55200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on...
Linux Distros Unpatched Vulnerability : CVE-2026-55199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that...
Astra Linux – Vulnerability in libgit2
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Previous versions of libgit2 required the caller to set the certificatecheck field of the libgit2’s...
SUSE CVE-2026-55200
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...
DEBIAN-CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
UBUNTU-CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
CVE-2025-15661
Summary (CVE-2025-15661): libssh2 up to 1.11.1 contains a heap over-read in the sftp_symlink() implementation (src/sftp.c). A crafted SSH_FXP_NAME response can cause a heap buffer over-read when a link_len value exceeds actual packet data during SFTP READLINK/REALPATH, due to missing validation o...
CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
PT-2026-50786
Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.1 commit 2dae302 Description An out-of-bounds heap read exists in the sftp symlink function within src/sftp.c. A malicious SSH server or man-in-the-middle attacker can disclose heap memory contents or cause a cra...
DEBIAN-CVE-2026-55199
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...
CVE-2026-55200
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...
UBUNTU-CVE-2026-55199
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...