EUVD-2026-16332

A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVE-2026-0965

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service DoS by causing the system t...

CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service DoS by causing the system t...

CVE-2026-0965

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service DoS by causing the system t...

CVE-2026-0965

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service DoS by causing the system t...

CVE-2026-0965

CVE-2026-0965 describes a vulnerability in libssh where the parser may attempt to open arbitrary files during configuration parsing. A local attacker could exploit this by supplying a malicious or misconfigured configuration file, potentially causing a Denial of Service by causing the system to a...

CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service DoS by causing the system t...

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing

A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVE-2026-0967

CVE-2026-0967 describes a denial-of-service in libssh where an attacker can craft hostnames via client config or known_hosts files that, when processed by match_pattern(), trigger inefficient regular expression backtracking. The result is timeouts and resource exhaustion on the client side. Publi...

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing

A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVE-2026-0968

CVE-2026-0968 : A flaw in libssh allows a malicious SFTP server to cause an out-of-bounds read by sending a malformed ‘longname’ in SSH_FXP_NAME during directory listings. This null-check omission can read past allocated heap memory, potentially triggering DoS via application crashes. The issue i...

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...