CVE-2026-0968

Critical CVSS: 9.8

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.

Vendor

Libssh

Product

Libssh

CWE

CWE-476

Yayın Tarihi

2026-03-26 21:17:01

Güncelleme

2026-04-03 20:06:16

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-476 Libssh CRITICAL Libssh 2026

Referanslar

https://access.redhat.com/security/cve/CVE-2026-0968 https://bugzilla.redhat.com/show_bug.cgi?id=2436982 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/

Benzer Kayıtlar

Low

CVE-2026-0965

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker c…

Medium

CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could cra…

Medium

CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sft…

Medium

CVE-2025-5449

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length…

Medium

CVE-2025-8114

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key e…

High

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust th…