27 matches found
DEBIAN-CVE-2026-58050
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
DEBIAN-CVE-2026-58051
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
CVE-2026-58051
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
CVE-2026-58050
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
UBUNTU-CVE-2026-58050
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
CVE-2026-58051
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
EUVD-2026-39971
libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...
CVE-2026-58051
CVE-2026-58051 affects libssh2 up to version 1.11.1. The vulnerability arises because libssh2 grows its publickey list using SSH2_REALLOC but does not zero-initialize the newly allocated entries before parsing populates them. If parsing fails and the code path cleans up, libssh2_publickey_list_fr...
CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
CVE-2026-58050
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
CVE-2026-58050
CVE-2026-58050 affects libssh2 up to 1.11.1. The publickey subsystem reads an attacker-controlled 32-bit attribute count and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking. On 32-bit platforms, this multiplication can overflow, producing an under...
EUVD-2026-39970
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs sizeoflibssh2publickeyattribute without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious S...
Linux Distros Unpatched Vulnerability : CVE-2026-58050
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation numattrs...
PT-2026-53083
Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An issue exists in the public key parsing process where the software expands its public key list using SSH2 REALLOC but fails to zero-initialize new entries before they are populated. If a parse...
PT-2026-3650
A buffer over-read in the PublicKey::verify method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2024-26130
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serializekeyandcertificates is called with both a certificate whose public key did not match the provided private key and an...
Linux: SSH AuthenticationMethods and RequiredAuthentications
sshd reads configuration data from /etc/ssh/sshdconfig or the file specified with -f on the command line. The file contains keyword-argument pairs, one per line. Lines starting with SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...
GO-2021-0356 Denial of service via crafted Signer in golang.org/x/crypto/ssh
Attackers can cause a crash in SSH servers when the server has been configured by passing a Signer to ServerConfig.AddHostKey such that 1 the Signer passed to AddHostKey does not implement AlgorithmSigner, and 2 the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey...
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate tool that comes with MatrixSSL. $ gdb -q --args...