2 matches found
OPENSUSE-SU-2026:21057-1 Security update for libssh2_org
This update for libssh2org fixes the following issues - CVE-2026-55199: pre-Authentication DoS via SSHMSGEXTINFO Handler bsc1268530. - CVE-2026-55200: out-of-Bounds write via Unchecked packetlength in transport.c bsc1268531...
CVE-2026-55199
libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...