RHEL 9 : libssh (RHSA-2025:19012)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:19012 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...

CVE-2025-4878 affecting package libssh for versions less than 0.10.6-3

CVE-2025-4878 affecting package libssh for versions less than 0.10.6-3. A patched version of the package is available...

RHSA-2025:18286 Red Hat Security Advisory: libssh security update

Bulletin has no description...

RHSA-2025:18275 Red Hat Security Advisory: libssh security update

Bulletin has no description...

RHSA-2025:18231 Red Hat Security Advisory: libssh security update

Bulletin has no description...

AlmaLinux 8 : libssh (ALSA-2025:18286)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:18286 advisory. libssh: out-of-bounds read in sftphandle CVE-2025-5318 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note...

Oracle Linux 8 : libssh (ELSA-2025-18286)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-18286 advisory. 0.9.6-15 - Fix CVE-2025-5318 Resolves: RHEL-111724 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-8114: Fixed NULL pointer dereference when calculating the session ID during the key exchange KEX process bsc1246974 CVE-2025-8277: Fixed Memory Exhaustion via Repeated Key Exchange bsc1249375 Patch Instructions: To install this SUSE upda...

libssh: out-of-bounds read in sftp_handle()

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

ALSA-2025:18286 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: out-of-bounds read in sftphandle CVE-2025-5318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

RHEL 8 : libssh (RHSA-2025:18286)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:18286 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...

Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: out-of-bounds read in sftphandle CVE-2025-5318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

JLSEC-2025-98 A flaw was found in the key export functionality of libssh

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additiona...

JLSEC-2025-96 A flaw was found in the libssh library in versions less than 0.11.2

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in...

JLSEC-2025-99 A flaw was found in libssh, a library that implements the SSH protocol

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash...

JLSEC-2025-100 A flaw was found in the SFTP server message decoding logic of libssh

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...

JLSEC-2025-97 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ...

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

libssh security update

0.9.6-15 - Fix CVE-2025-5318 Resolves: RHEL-111724...

libssh security update

An update is available for libssh. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libssh is a library which implements the SSH protocol. It can be used to...