EulerOS Virtualization 2.12.1 : libssh (EulerOS-SA-2026-2080)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...

Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

...

USN-8309-1 libssh2 vulnerability

It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...

phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...

OESA-2026-1653 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

libssh 安全漏洞

libssh is a C-language development package from the libssh organization, designed for accessing SSH services. It can execute remote commands, perform file transfers, and provide a secure transmission channel for remote programs. libssh has a security vulnerability, which stems from an overflow in...

CVE-2025-47913

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

RHSA-2025:19101 Red Hat Security Advisory: libssh security update

Bulletin has no description...

[SECURITY] Fedora 41 Update: libssh-0.11.3-1.fc41

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...

Linux Distros Unpatched Vulnerability : CVE-2017-3204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to...

Photon OS 4.0: Libssh PHSA-2025-4.0-0856

An update of the libssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0856. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

The vulnerability of the chacha20_poly1305_set_key() function in the libssh library, which allows a hacker to disclose sensitive information

The vulnerability of the chacha20poly1305setkey function in the libssh library is related to the lack of checking for the returned value. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

UBUNTU-CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

CLSA-2025-1749821936 openssh: Fix of CVE-2025-32728

CVE-2025-32728: fix logic error in DisableForwarding option...

Vulnerabilities fixed in IBM MQ

IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in gzip, jackson-databind, libssh, gnutls, nettle and zlib and have been previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to gain...

USN-4447-1 libssh vulnerability

It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service...

UBUNTU-CVE-2017-18594

nselibssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse...

libssh2 out-of-bounds read vulnerability (CNVD-2019-07803)

libssh2 is a client-side C library that implements the SSH2 protocol, which is capable of executing remote commands, file transfers, and providing a secure transmission channel for remote programs. The 'libssh2packetrequire' and 'libssh2packetrequirev' functions in libssh2 have an out-of-bounds...