1778 matches found
CVE-2026-54886
A flaw was found in the Erlang OTP ssh Secure Shell component, specifically within its SFTP SSH File Transfer Protocol module. An authenticated SFTP user can exploit this vulnerability by sending specially crafted extended data on an open channel. This action triggers an infinite loop in the...
EUVD-2026-41495
When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...
CVE-2026-12064
CVE-2026-12064 affects curl versions including 7.81.0 prior to 8.21.0. When using a schemeless URL with --proto-default for SFTP/ SCP, the tool layer fails to initialize SSH host verification options (CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS) while libcurl proceeds with the c...
CVE-2026-54886
The vulnerability CVE-2026-54886 affects Erlang/OTP's SSH server side (ssh_sftpd) and allows an authenticated SFTP client to trigger an infinite loop on a channel by sending SSH_MSG_CHANNEL_EXTENDED_DATA. The handle_data/4 clause tail-calls itself when a non-zero data_type_code arrives with an em...
EUVD-2026-41413
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...
CVE-2026-54886
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...
EEF-CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop
Summary Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle\data/4 function in ssh\sftpd contains a catch-all clause that accepts channel data of any...
EEF-CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root
Summary Observable Response Discrepancy vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH\FXP\REALPATH handler in ssh\sftpd calls relate\file\name/3 with...
CVE-2026-53422
CVE-2026-53422 describes an Observable Response Discrepancy in Erlang OTP ssh_sftpd where the REALPATH path handling bypasses root validation, enabling an authenticated SFTP user to determine the existence of files/directories outside the configured root. The root cause is that SSH_FXP_REALPATH u...
EUVD-2026-41410
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
USN-8486-1: libssh2 vulnerabilities
It was discovered that libssh2 incorrectly handled the sftpsymlink function. A malicious SSH server or machine-in-the-middle attacker could possibly use this issue to obtain sensitive information or cause a denial of service. CVE-2025-15661 It was discovered that libssh2 had a pre-authentication...
USN-8486-1 libssh2 vulnerabilities
It was discovered that libssh2 incorrectly handled the sftpsymlink function. A malicious SSH server or machine-in-the-middle attacker could possibly use this issue to obtain sensitive information or cause a denial of service. CVE-2025-15661 It was discovered that libssh2 had a pre-authentication...
Curl 7.81.0 < 8.21.0 Proto-Default Skips SSH Verification
The version of curl installed on the remote host is 7.81.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a user invokes curl using a schemeless URL combined with --proto-default sftp, a disconnect occurs that erroneously bypasses the initializati...
Astra Linux – Vulnerability in curl
When performing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl may still mistakenly accept connections to hosts that are not present in the specified file, if those hosts are added as recognized in the libssh global knownhosts file...
UBUNTU-CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
UBUNTU-CVE-2026-9547
When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...
SUSE CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
DEBIAN-CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...
UBUNTU-CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...