9.1
CVE-2026-7598
- EPSS 0.47%
- Veröffentlicht 01.05.2026 21:30:11
- Zuletzt bearbeitet 30.06.2026 03:21:22
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
libssh2 userauth.c userauth_password integer overflow
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.369 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
| cna@vuldb.com | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://vuldb.com/vuln/360555
https://vuldb.com/vuln/360555/cti
https://vuldb.com/submit/805564
https://github.com/libssh2/libssh2/pull/1858
https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1
https://github.com/libssh2/libssh2/
https://access.redhat.com/errata/RHSA-2026:16736
https://access.redhat.com/errata/RHSA-2026:7021
https://access.redhat.com/security/cve/CVE-2026-7598
https://bugzilla.redhat.com/show_bug.cgi?id=2464597
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-7598.json