CLSA-2026-1778237316 libssh: Fix of CVE-2026-0964

CVE-2026-0964: reject invalid filenames in sshscppullrequest to prevent path traversal via SCP...

CLSA-2026-1777939234 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

SUSE SLES16 Security Update : libssh (SUSE-SU-2026:21428-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21428-1 advisory. - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible...

Astra Linux – Vulnerability in libssh

In libssh 0.9.4, there is a NULL pointer dereferencing in tftpserver.c if sshbuffernew returns NULL...

Astra Linux - уязвимость в libssh

A vulnerability has been identified in libssh up to version 0.11.3. The affected element is the function sftpextensionsgetname/sftpextensionsgetdata in the file src/sftp.c of the SFTP Extension Name Handler component. Performing operations on the argument idx can lead to out-of-bounds read...

Astra Linux - уязвимость в libssh

A malicious SCP server can send unexpected commands that may cause the client application to override local files outside of the working directory. This could be exploited to create malicious executable or configuration files, causing the user to execute them with specific consequences. This is t...

Astra Linux - уязвимость в libssh

The API function sshgethexa is vulnerable when a 0-length input is provided to this function. This function is internally used in sshgetfingerprinthash and sshprinthexa deprecated, and it is also vulnerable to such inputs the length of the input is provided by the calling application. This functi...

Astra Linux - уязвимость в libssh

A flaw was discovered in libssh. A remote attacker, by controlling client configuration files or the knownhosts files, could create specific hostnames that, when processed by the matchpattern function, could lead to inefficient regular expression backtracking. This could cause timeouts and resour...

Astra Linux - уязвимость в curl

When performing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl may still mistakenly accept connections to hosts that are not present in the specified file, if those hosts are added as recognized in the libssh global knownhosts file...

Astra Linux - уязвимость в libssh

A flaw was discovered in libssh, where a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed ‘longname’ field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond the allocated memory on the heap. Thi...

openSUSE 16 Security Update : libssh (openSUSE-SU-2026:20647-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20647-1 advisory. - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible Denial of...

SUSE-SU-2026:21428-1 Security update for libssh

This update for libssh fixes the following issues: - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files bsc1258045 - CVE-2026-0966: Buffer underflow in...

SUSE-SU-2026:21396-1 Security update for libssh

This update for libssh fixes the following issues: - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files bsc1258045 - CVE-2026-0966: Buffer underflow in...

CVE-2025-14821 vulnerabilities

Vulnerabilities for packages: libssh2, libssh...

GHSA-5JF9-8F86-JHVW vulnerabilities

Vulnerabilities for packages: libssh2, libssh...

CVE-2025-14821 vulnerabilities

Vulnerabilities for packages: libssh, libssh2...

GHSA-5JF9-8F86-JHVW vulnerabilities

Vulnerabilities for packages: libssh, libssh2...

Medium: libssh

Issue Overview: libssh OOB Read in sftpparselongname CVE-2026-0968 Affected Packages: libssh Issue Correction: Run dnf update libssh --releasever 2023.11.20260427 or dnf update --advisory ALAS2023-2026-1632 --releasever 2023.11.20260427 to update your system. More information on how to update you...

Security update for libssh (moderate)

openSUSE security update: security update for libssh ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20647-1 Rating: moderate References: bsc1246974 bsc1249375 bsc1258045 bsc1258049 bsc1258054 bsc1258080 bsc1258081 Cross-References: CVE-2025-8114...

Amazon Linux 2023 : libssh, libssh-config, libssh-devel (ALAS2023-2026-1632)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1632 advisory. libssh OOB Read in sftpparselongname CVE-2026-0968 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this iss...