CVE-2026-0965

Low CVSS: 3.3

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.

Vendor

Libssh

Product

Libssh

CWE

CWE-73

Yayın Tarihi

2026-03-26 21:17:00

Güncelleme

2026-04-02 17:33:46

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-73 Libssh LOW Libssh 2026

Referanslar

https://access.redhat.com/security/cve/CVE-2026-0965 https://bugzilla.redhat.com/show_bug.cgi?id=2436980

Benzer Kayıtlar

Critical

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a m…

Medium

CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could cra…

Medium

CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sft…

Medium

CVE-2025-5449

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length…

Medium

CVE-2025-8114

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key e…

High

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust th…