VYPR

rpm package

opensuse/libssh2_org&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libssh2_org&distro=openSUSE%20Tumbleweed

Vulnerabilities (17)

  • CVE-2025-15661 | Jun 18, 2026
    affected < 1.11.1-3.1 | fixed 1.11.1-3.1

    libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted

  • CVE-2026-55200 | Jun 17, 2026
    affected < 1.11.1-3.1 | fixed 1.11.1-3.1

    libssh2 through 1.11.1, fixed in commit 7acf3df, contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt h

  • CVE-2026-55199 | Jun 17, 2026
    affected < 1.11.1-3.1 | fixed 1.11.1-3.1

    libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A ma

  • CVE-2026-7598 | Hig | May 1, 2026
    affected < 1.11.1-3.1 | fixed 1.11.1-3.1

    A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The n

  • CVE-2023-48795 | Med | Dec 18, 2023
    affected < 1.11.0-2.1 | fixed 1.11.0-2.1

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end

  • CVE-2019-17498 | Oct 21, 2019
    affected < 1.9.0-3.6 | fixed 1.9.0-3.6

    In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive inf

  • CVE-2019-3856 | Mar 25, 2019
    affected < 1.9.0-3.6 | fixed 1.9.0-3.6

    An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the

  • CVE-2019-3857 | Mar 25, 2019
    affected < 1.9.0-3.6 | fixed 1.9.0-3.6

    An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system wh

  • CVE-2019-3860 | Mar 25, 2019
    affected < 1.9.0-3.6 | fixed 1.9.0-3.6

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

  • CVE-2019-3861 | Mar 25, 2019
    affected < 1.9.0-3.6 | fixed 1.9.0-3.6

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memor

  • CVE-2019-3863 | Mar 25, 2019
    affected < 1.9.0-3.6 | fixed 1.9.0-3.6

    A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used by the SSH client as an index to co

  • CVE-2019-3858 | Mar 21, 2019
    affected < 1.9.0-3.6 | fixed 1.9.0-3.6

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

  • CVE-2019-3855 | Mar 21, 2019
    affected < 1.9.0-3.6 | fixed 1.9.0-3.6

    An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the serv

  • CVE-2019-3862 | Mar 20, 2019
    affected < 1.9.0-3.6 | fixed 1.9.0-3.6

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client m

  • CVE-2019-3859 | Mar 20, 2019
    affected < 1.9.0-3.6 | fixed 1.9.0-3.6

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

  • CVE-2016-0787 | Med | Apr 13, 2016
    affected < 1.7.0-1.5 | fixed 1.7.0-1.5

    The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

  • CVE-2015-1782 | Mar 13, 2015
    affected < 1.7.0-1.5 | fixed 1.7.0-1.5

    The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
