CVE-2026-0968

CVE-2026-0968 : A flaw in libssh allows a malicious SFTP server to cause an out-of-bounds read by sending a malformed ‘longname’ in SSH_FXP_NAME during directory listings. This null-check omission can read past allocated heap memory, potentially triggering DoS via application crashes. The issue i...

CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

CVE-2026-0966 Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

CVE-2026-0964

CVE-2026-0964 is reported as a path-traversal vulnerability in libssh’s SCP handling (ssh_scp_pull_request), allowing a malicious SCP server to reference paths outside the working directory and potentially overwrite local files. The issue is documented across multiple advisories (ALAS2023-2026-14...

CVE-2026-0966

CVE-2026-0966 affects the libssh library with a buffer underflow in ssh_get_hexa() on invalid input. The issue occurs because ssh_get_hexa() is used by ssh_get_fingerprint_hash() and the deprecated ssh_print_hexa(), and also in gssapi logging. Remote triggering is possible when GSSAPI authenticat...

OESA-2026-1656 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

OESA-2026-1655 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

OESA-2026-1654 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

OESA-2026-1652 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CLSA-2026-1774007374 libssh: Fix of CVE-2026-3731

CVE-2026-3731: Validate idx and add bounds checks; prevent out-of-bounds read in SFTP Extension Name Handler via manipulated idx...

Security update for libssh

This update for libssh fixes the following issues: CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler bsc1259377. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternative...

SUSE-SU-2026:0936-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler bsc1259377...

CLSA-2026-1773932358 libssh: Fix of CVE-2026-3731

Fix CVE-2026-3731: out-of-bounds read in SFTP extension name handler...

CLSA-2026-1773931583 libssh: Fix of CVE-2026-3731

CVE-2026-3731: fix off-by-one in sftpextensionsgetname/sftpextensionsgetdata...

CLSA-2026-1773930993 libssh: Fix of CVE-2026-3731

CVE-2026-3731: fix off-by-one in sftpextensionsgetname/sftpextensionsgetdata...

SUSE-SU-2026:20767-1 Security update for libssh

This update for libssh fixes the following issue: - CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler bsc1259377...

CLSA-2026-1773830791 libssh: Fix of CVE-2026-3731

CVE-2026-3731: fix out-of-bounds read in sftpextensionsgetname and sftpextensionsgetdata when idx equals the extension count...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : libssh vulnerability (USN-8093-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8093-1 advisory. It was discovered that libssh incorrectly performed bounds checking when processing SFTP extensions. If a...