22 matches found
golang.org/x/crypto: Invoking VerifiedPublicKeyCallback permissions skip enforcement
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...
RHSA-2026:25911 Red Hat Security Advisory: libssh security update
Bulletin has no description...
EulerOS Virtualization 2.12.1 : libssh (EulerOS-SA-2026-2080)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...
Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
...
USN-8309-1 libssh2 vulnerability
It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...
OESA-2026-1653 libssh security update
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
CVE-2026-3731
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...
libssh 安全漏洞
libssh is a C-language development package from the libssh organization, designed for accessing SSH services. It can execute remote commands, perform file transfers, and provide a secure transmission channel for remote programs. libssh has a security vulnerability, which stems from an overflow in...
CVE-2025-47913
SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...
RHSA-2025:19101 Red Hat Security Advisory: libssh security update
Bulletin has no description...
[SECURITY] Fedora 41 Update: libssh-0.11.3-1.fc41
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...
Photon OS 4.0: Libssh PHSA-2025-4.0-0856
An update of the libssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0856. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2017-3204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to...
CVE-2025-5449
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...
The vulnerability of the chacha20_poly1305_set_key() function in the libssh library, which allows a hacker to disclose sensitive information
The vulnerability of the chacha20poly1305setkey function in the libssh library is related to the lack of checking for the returned value. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
UBUNTU-CVE-2025-4877
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...
CLSA-2025-1749821936 openssh: Fix of CVE-2025-32728
CVE-2025-32728: fix logic error in DisableForwarding option...
Vulnerabilities fixed in IBM MQ
IBM has fixed multiple vulnerabilities in supporting software supplied with IBM MQ. The vulnerabilities are in gzip, jackson-databind, libssh, gnutls, nettle and zlib and have been previously fixed in the individual products. A malicious party could potentially exploit the vulnerabilities to gain...
USN-4447-1 libssh vulnerability
It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service...