Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libssh | fixed | 0.12.0-1 | package | |
| libssh | no-dsa | trixie | package | |
| libssh | no-dsa | bookworm | package | |
| libssh | postponed | bullseye | package |
Примечания
https://www.libssh.org/security/advisories/CVE-2026-0968.txt
Tests: https://git.libssh.org/projects/libssh.git/commit/?id=212121971fb26e1e00b72bd5402c0454a4d84c03 (libssh-0.11.4)
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=796d85f786dff62bd4bcc4408d9b7bbc855841e9 (libssh-0.11.4)
EPSS
Процентиль: 8%
0.00029
Низкий
Связанные уязвимости
CVSS3: 3.1
redhat
около 2 месяцев назад
A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.
EPSS
Процентиль: 8%
0.00029
Низкий