[SECURITY] Fedora 44 Update: libssh2-1.11.1-6.fc44

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...

Fedora 44 : libssh2 (2026-f87ac8187c)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f87ac8187c advisory. This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password...

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : libssh2 vulnerability (USN-8309-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8309-1 advisory. It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker...

Critical Photon OS Security Update - PHSA-2026-5.0-0857

Updates of 'libssh2', 'rubygem-nokogiri', 'glibc', 'strongswan' packages of Photon OS have been released...

USN-8309-1: libssh2 vulnerability

It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...

Astra Linux - уязвимость в libgit2

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Previous versions of libgit2 required the caller to set the certificatecheck field of the libgit2’s...

CLSA-2026-1779216196 libssh2: Fix of CVE-2026-7598

CVE-2026-7598: fix integer overflow in userauthpassword CVE-2026-7598...

OESA-2026-2336 libssh2 security update

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10. Security Fixes: A security vulnerability has been detected in libssh2 up to 1.11.1. The...

CLSA-2026-1778745959 libssh2: Fix of CVE-2026-7598

CVE-2026-7598: add usernamelen/passwordlen bounds checks in userauthlist and userauthpassword to prevent integer overflow when allocating the SSH USERAUTHREQUEST packet buffer...

libssh2: Fix of CVE-2026-7598

CVE-2026-7598: add usernamelen/passwordlen bounds checks in userauthlist and userauthpassword to prevent integer overflow when allocating the SSH USERAUTHREQUEST packet buffer...

CLSA-2026-1778247114 libssh2: Fix of CVE-2026-7598

CVE-2026-7598: fix integer overflow in userauthpassword CVE-2026-7598...

JLSEC-2026-492

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name of the patch is...

CLSA-2026-1778159627 libssh2: Fix of 2 CVEs

CVE-2019-13115: add bounds-checked stringbuf helpers and use them in diffiehellmansha1 to prevent out-of-bounds read on malformed KEX reply - CVE-2019-17498: harden bounds checks in SSHMSGDISCONNECT, SSHMSGDEBUG and SSHMSGGLOBALREQUEST handlers to prevent integer overflow / out-of-bounds read...

libssh2: Fix of 2 CVEs

CVE-2019-13115: add bounds-checked stringbuf helpers and use them in diffiehellmansha1 to prevent out-of-bounds read on malformed KEX reply - CVE-2019-17498: harden bounds checks in SSHMSGDISCONNECT, SSHMSGDEBUG and SSHMSGGLOBALREQUEST handlers to prevent integer overflow / out-of-bounds read...

CVE-2026-7598 affecting package libssh2 for versions less than 1.11.1-2

CVE-2026-7598 affecting package libssh2 for versions less than 1.11.1-2. A patched version of the package is available...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-7598)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-7598 advisory. - A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the...

SUSE CVE-2026-7598

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name of the patch is...

Astra Linux - уязвимость в libssh2

The vulnerability of the libssh2ntohu32 function in the SSH2 protocol implementation library Libssh2 involves reading data beyond the allowable buffer size. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and also cause service failures...

Astra Linux - уязвимость в libssh2

The vulnerability of the libssh2packetadd function in the packet.c component of the SSH2 implementation library Libssh2 is related to insufficient input validation. Exploiting this vulnerability allows a remote attacker to cause service interruptions...

Astra Linux - уязвимость в libssh2

An issue was discovered in function libssh2packetadd in libssh2 1.10.0 allows attackers to access out of bounds memory...