1810 matches found
Astra Linux - уязвимость в libssh
A flaw was discovered in libssh versions built with OpenSSL versions older than 3.0. The issue lies with the sshkdf function, which is responsible for key derivation. Due to inconsistent interpretation of return values, OpenSSL uses 0 to indicate failure, while libssh uses 0 for success. As a...
Astra Linux - уязвимость в libssh
A flaw was discovered in the libssh library in versions prior to 0.11.2. An out-of-bounds read vulnerability can occur in the sftphandle function due to an incorrect comparison check. This allows the function to access memory beyond the valid handle list and to return an invalid pointer, which is...
Astra Linux - уязвимость в libssh
A flaw was discovered in libssh. A remote attacker, by controlling client configuration files or the knownhosts files, could create specific hostnames that, when processed by the matchpattern function, could lead to inefficient regular expression backtracking. This could cause timeouts and resour...
Astra Linux - уязвимость в libssh
A flaw was discovered in libssh’s handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, especially...
Astra Linux - уязвимость в libssh
A NULL pointer dereference was detected in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service...
Astra Linux - уязвимость в libssh
A flaw was discovered in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, a failure in cryptographic functions may lead to a NULL pointer being dereferenced. This issue can cause the client or server to crash...
Astra Linux - уязвимость в libssh
A flaw was discovered in the libssh API function sshscpnew, in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a path provided by the user, is executed on the server side. If the library is used in a way that allows user...
Astra Linux - уязвимость в libssh
A flaw was discovered in the abstract layer of the libssh library responsible for message digest MD operations, which is implemented by different supported crypto backends. The return values from these operations were not properly checked, which could lead to low-memory situations, NULL...
Astra Linux - уязвимость в libssh
A vulnerability was discovered in libssh, where an uninitialized variable exists under certain conditions within the privatekeyfromfile function. This flaw can be exploited if the file specified by the filename does not exist, and it may lead to potential signing failures or heap corruption...
Astra Linux - уязвимость в libssh
A flaw was discovered in libssh. By using the ProxyCommand or ProxyJump feature, users can exploit unvalidated hostname syntax on the client side. This issue may allow an attacker to inject malicious code into the commands related to these features via the hostname parameter...
Astra Linux - уязвимость в libssh
A flaw was discovered in libssh, where a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed ‘longname’ field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond the allocated memory on the heap. Thi...
Astra Linux - уязвимость в libssh
The API function sshgethexa is vulnerable when a 0-length input is provided to this function. This function is internally used in sshgetfingerprinthash and sshprinthexa deprecated, and it is also vulnerable to such inputs the length of the input is provided by the calling application. This functi...
Astra Linux - уязвимость в libssh
A vulnerability has been identified in libssh up to version 0.11.3. The affected element is the function sftpextensionsgetname/sftpextensionsgetdata in the file src/sftp.c of the SFTP Extension Name Handler component. Performing operations on the argument idx can lead to out-of-bounds read...
Astra Linux - уязвимость в libssh
A malicious SCP server can send unexpected commands that may cause the client application to override local files outside of the working directory. This could be exploited to create malicious executable or configuration files, causing the user to execute them with specific consequences. This is t...
Astra Linux - уязвимость в curl
When performing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl may still mistakenly accept connections to hosts that are not present in the specified file, if those hosts are added as recognized in the libssh global knownhosts file...
openSUSE 16 Security Update : libssh (openSUSE-SU-2026:20647-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20647-1 advisory. - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible Denial of...
SUSE-SU-2026:21396-1 Security update for libssh
This update for libssh fixes the following issues: - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files bsc1258045 - CVE-2026-0966: Buffer underflow in...
SUSE-SU-2026:21428-1 Security update for libssh
This update for libssh fixes the following issues: - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files bsc1258045 - CVE-2026-0966: Buffer underflow in...
GHSA-5JF9-8F86-JHVW vulnerabilities
Vulnerabilities for packages: libssh, libssh2...
CVE-2025-14821 vulnerabilities
Vulnerabilities for packages: libssh, libssh2...