Количество 6
Количество 6
CVE-2026-0966
[Buffer underflow in ssh_get_hexa() on invalid input]
CVE-2026-0966
The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSAPI authentication and logging verbosity is set at least to SSH_LOG_PACKET (3). This could cause self-DoS of the per-connection daemon process.
CVE-2026-0966
[Buffer underflow in ssh_get_hexa() on invalid input]
GHSA-wcqf-w94x-4wg2
The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSAPI authentication and logging verbosity is set at least to SSH_LOG_PACKET (3). This could cause self-DoS of the per-connection daemon process.
SUSE-SU-2026:0779-1
Security update for libssh
SUSE-SU-2026:0778-1
Security update for libssh
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-0966 [Buffer underflow in ssh_get_hexa() on invalid input] | около 2 месяцев назад | ||
 | CVE-2026-0966 The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSAPI authentication and logging verbosity is set at least to SSH_LOG_PACKET (3). This could cause self-DoS of the per-connection daemon process. | CVSS3: 6.5 | около 2 месяцев назад | |
| CVE-2026-0966 [Buffer underflow in ssh_get_hexa() on invalid input] | - | ||
| GHSA-wcqf-w94x-4wg2 The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSAPI authentication and logging verbosity is set at least to SSH_LOG_PACKET (3). This could cause self-DoS of the per-connection daemon process. | CVSS3: 6.5 | 4 дня назад | |
 | SUSE-SU-2026:0779-1 Security update for libssh | 28 дней назад | ||
| SUSE-SU-2026:0778-1 Security update for libssh | 28 дней назад |
Уязвимостей на страницу