EulerOS Virtualization 2.12.0 : libssh (EulerOS-SA-2026-2105)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...

Advisory ROSA-SA-2026-3275

software: libssh 0.9.8 OS: ROSA-CHROME unaffected versions = libssh-0.9.8-4 affected versions libssh-0.9.8-4 CVE-ID: CVE-2026-3731 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A read outside allocated buffer vulnerability in the SFTP Extension Name Handler component of the libssh library allows a...

SUSE-SU-2026:1344-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler bsc1259377. - CVE-2026-0964: SCP protocol path traversal in sshscppullrequest bsc1258049. - CVE-2026-0965: possible denial of service when parsing unexpected...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libssh (SUSE-SU-2026:1310-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1310-1 advisory. - CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler bsc1259377...

OESA-2026-1656 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

OESA-2026-1654 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

OESA-2026-1653 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CLSA-2026-1774007526 Fix CVE(s): CVE-2026-3731

SECURITY UPDATE: out-of-bounds read in sftp extension name handler - debian/patches/CVE-2026-3731.patch: fix off-by-one bounds check in sftpextensionsgetname and sftpextensionsgetdata - CVE-2026-3731...

SUSE-SU-2026:0936-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler bsc1259377...

CLSA-2026-1773931583 libssh: Fix of CVE-2026-3731

CVE-2026-3731: fix off-by-one in sftpextensionsgetname/sftpextensionsgetdata...

OESA-2026-1560 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVE-2026-3731

A flaw was found in libssh. A remote attacker could trigger an out-of-bounds read vulnerability in the SFTP Extension Name Handler by manipulating the idx argument in the sftpextensionsgetname or sftpextensionsgetdata functions. This could lead to a Denial of Service DoS, making the affected syst...

AZL-79547 CVE-2026-3731 affecting package libssh 0.10.6-5

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

CVE-2026-3731

CVE-2026-3731 affects libssh up to version 0.11.3, specifically the SFTP Extension Name Handler in src/sftp.c (functions sftp_extensions_get_name and sftp_extensions_get_data). Manipulating the idx argument can trigger an out-of-bounds read, with the threat potentially remote. The issue is addres...

PT-2026-23936

Name of the Vulnerable Software and Affected Versions libssh versions up to 0.11.3 Description A flaw exists in libssh related to the SFTP Extension Name Handler component, specifically within the sftp extensions get name and sftp extensions get data functions in the src/sftp.c file. A manipulati...

MGASA-2015-0485 Updated proftpd packages fix security vulnerabilities

Updated proftpd packages fix security vulnerability: Part of the SFTP handshake involves "extensions", which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The modsftp module currently places no bounds/length...