Libssh2

Libssh2

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.28%
  • Veröffentlicht 28.06.2026 02:16:32
  • Zuletzt bearbeitet 30.06.2026 17:42:04

libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2_publickey_list_free operating on an uninitialized en...

  • EPSS 0.33%
  • Veröffentlicht 28.06.2026 02:16:32
  • Zuletzt bearbeitet 30.06.2026 20:27:36

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplic...

Medienbericht
  • EPSS 0.27%
  • Veröffentlicht 18.06.2026 20:18:29
  • Zuletzt bearbeitet 26.06.2026 02:35:13

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause...

Medienbericht Exploit
  • EPSS 0.73%
  • Veröffentlicht 17.06.2026 19:03:15
  • Zuletzt bearbeitet 01.07.2026 05:16:22

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large pac...

Medienbericht
  • EPSS 0.41%
  • Veröffentlicht 17.06.2026 18:44:18
  • Zuletzt bearbeitet 26.06.2026 19:16:37

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a craft...

  • EPSS 0.47%
  • Veröffentlicht 01.05.2026 21:30:11
  • Zuletzt bearbeitet 30.06.2026 03:21:22

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack m...

Medienbericht Exploit
  • EPSS 93.31%
  • Veröffentlicht 18.12.2023 16:15:10
  • Zuletzt bearbeitet 12.05.2026 11:16:15

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...

  • EPSS 0.91%
  • Veröffentlicht 22.08.2023 19:16:19
  • Zuletzt bearbeitet 21.11.2024 05:13:11

An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.

Exploit
  • EPSS 3.79%
  • Veröffentlicht 21.10.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:32:22

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be ...

Exploit
  • EPSS 11.66%
  • Veröffentlicht 16.07.2019 18:15:13
  • Zuletzt bearbeitet 21.11.2024 04:24:13

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH serve...