Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2026-1073)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2026-1052)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh’s handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, especially...

Astra Linux – Vulnerability in libssh

A flaw was discovered in the libssh library in versions prior to 0.11.2. An out-of-bounds read vulnerability can occur in the sftphandle function due to an incorrect comparison check. This allows the function to access memory beyond the valid handle list and to return an invalid pointer, which is...

Astra Linux - уязвимость в libssh

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additiona...

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, a failure in cryptographic functions may lead to a NULL pointer being dereferenced. This issue can cause the client or server to crash...

Astra Linux - уязвимость в libssh

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

Astra Linux – Vulnerability in libssh

A vulnerability was discovered in libssh, where an uninitialized variable exists under certain conditions within the privatekeyfromfile function. This flaw can be exploited if the file specified by the filename does not exist, and it may lead to potential signing failures or heap corruption...

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh versions built with OpenSSL versions older than 3.0. The issue lies with the sshkdf function, which is responsible for key derivation. Due to inconsistent interpretation of return values, OpenSSL uses 0 to indicate failure, while libssh uses 0 for success. As a...

MiracleLinux 9 : libssh-0.10.4-15.el9_7 (AXSA:2025-11432:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11432:04 advisory. libssh: out-of-bounds read in sftphandle CVE-2025-5318 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

MiracleLinux 9 : libssh-0.10.4-15.el9_6 (AXSA:2025-10974:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10974:01 advisory. libssh: out-of-bounds read in sftphandle CVE-2025-5318 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

MiracleLinux 8 : libssh-0.9.6-15.el8_10 (AXSA:2025-10984:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10984:02 advisory. libssh: out-of-bounds read in sftphandle CVE-2025-5318 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

RHEL 9 : libssh (RHSA-2026:0431)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0431 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...

MiracleLinux 9 : libssh-0.10.4-17.el9_7 (AXSA:2025-11566:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11566:05 advisory. libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 Tenable has extracted the preceding description block directly from the...

RHEL 9 : libssh (RHSA-2026:0430)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0430 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...

MiracleLinux 8 : libssh-0.9.6-16.el8_10 (AXSA:2025-11173:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11173:03 advisory. libssh: Incorrect Return Code Handling in sshkdf in libssh CVE-2025-5372 Tenable has extracted the preceding description block directly from the MiracleLinu...

RHEL 9 : libssh (RHSA-2026:0428)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0428 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...

RHEL 10 : libssh (RHSA-2026:0427)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0427 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...