908 matches found
[SECURITY] Fedora 43 Update: libssh2-1.11.1-9.fc43
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...
ROOT-OS-DEBIAN-13-CVE-2026-58050 CVE-2026-58050 in rootio-libssh2 - Patched by Root
Root has patched CVE-2026-58050 in the rootio-libssh2 package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-55200 CVE-2026-55200 in rootio-libssh2 - Patched by Root
Root has patched CVE-2026-55200 in the rootio-libssh2 package for Root:Debian:12. Multiple fixed versions available...
USN-8486-1: libssh2 vulnerabilities
It was discovered that libssh2 incorrectly handled the sftpsymlink function. A malicious SSH server or machine-in-the-middle attacker could possibly use this issue to obtain sensitive information or cause a denial of service. CVE-2025-15661 It was discovered that libssh2 had a pre-authentication...
USN-8486-1 libssh2 vulnerabilities
It was discovered that libssh2 incorrectly handled the sftpsymlink function. A malicious SSH server or machine-in-the-middle attacker could possibly use this issue to obtain sensitive information or cause a denial of service. CVE-2025-15661 It was discovered that libssh2 had a pre-authentication...
Photon OS 5.0: Libssh2 PHSA-2026-5.0-0900
An update of the libssh2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0900. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2026-58051
A flaw in libssh2 allows a malicious SSH server to send a malformed public key response, triggering an invalid memory cleanup. This can cause the connecting client application to crash or leak information. Mitigation To mitigate this issue, ensure your applications connect only to trusted and...
CVE-2026-58050
A flaw in libssh2 allows a malicious SSH server to trigger a memory overflow by sending a manipulated attribute count. This can cause the connecting client to crash or allow unauthorized code execution. Mitigation To mitigate this issue,ensure your applications are running strictly on 64-bit...
CVE-2026-55200 vulnerabilities
Vulnerabilities for packages: libssh2...
GHSA-R8MH-X5QV-7GG2 vulnerabilities
Vulnerabilities for packages: libssh2...
CVE-2026-55200 vulnerabilities
Vulnerabilities for packages: libssh2...
GHSA-R8MH-X5QV-7GG2 vulnerabilities
Vulnerabilities for packages: libssh2...
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and includin...
[SECURITY] Fedora 44 Update: libssh2-1.11.1-9.fc44
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...
Fedora 44 : libssh2 (2026-ca858b3ed8)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ca858b3ed8 advisory. This update addresses a few security issues, one of which could plausibly result in remote code execution. Tenable has extracted the preceding...
CVE-2026-58050
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
CVE-2026-58051
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
DEBIAN-CVE-2026-58051
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
UBUNTU-CVE-2026-58050
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
CVE-2026-58051
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...