VYPR

Libssh2

by Libssh2

Source repositories

CVEs (20)

  • CVE-2026-7598HigMay 1, 2026
    risk 0.40cvss 7.3epss 0.00

    A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The…

  • CVE-2023-48795MedDec 18, 2023
    risk 0.39cvss 5.9epss 0.93

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently…

  • CVE-2016-0787MedApr 13, 2016
    risk 0.39cvss 5.9epss 0.03

    The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."

  • CVE-2019-13115Jul 16, 2019
    risk 0.01cvss epss 0.12

    In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose…

  • CVE-2019-3863Mar 25, 2019
    risk 0.01cvss epss 0.03

    A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to…

  • CVE-2019-3855Mar 21, 2019
    risk 0.01cvss epss 0.09

    An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the…

  • CVE-2019-3862Mar 20, 2019
    risk 0.01cvss epss 0.08

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client…

  • CVE-2026-58051Jun 28, 2026
    risk 0.00cvss epss 0.00

    libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2_publickey_list_free operating on an uninitialized entry. A malicious SSH server…

  • CVE-2026-58050Jun 28, 2026
    risk 0.00cvss epss 0.00

    libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an…

  • CVE-2025-15661Jun 18, 2026
    risk 0.00cvss epss 0.00

    libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted…

  • CVE-2026-55200Jun 17, 2026
    risk 0.00cvss epss 0.01

    libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt…

  • CVE-2026-55199Jun 17, 2026
    risk 0.00cvss epss 0.00

    libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A…

  • CVE-2020-22218Aug 22, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.

  • CVE-2019-17498Oct 21, 2019
    risk 0.00cvss epss 0.04

    In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive…

  • CVE-2019-3856Mar 25, 2019
    risk 0.00cvss epss 0.06

    An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to…

  • CVE-2019-3857Mar 25, 2019
    risk 0.00cvss epss 0.06

    An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system…

  • CVE-2019-3860Mar 25, 2019
    risk 0.00cvss epss 0.05

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

  • CVE-2019-3861Mar 25, 2019
    risk 0.00cvss epss 0.05

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client…

  • CVE-2019-3859Mar 20, 2019
    risk 0.00cvss epss 0.06

    An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

  • CVE-2015-1782Mar 13, 2015
    risk 0.00cvss epss 0.04

    The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.