libssh2
OSS Librariesoss-project
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting libssh2.
- CVE-2026-58051libssh2 - Free of Uninitialized Pointer in publickey List Cleanup6.5
- CVE-2026-58050libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation7.0
- CVE-2025-15661libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c6.5
- CVE-2026-55200libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c8.1
- CVE-2026-55199libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler5.9
- CVE-2026-7598libssh2 userauth.c userauth_password integer overflow7.3
- CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (fr...5.9
- CVE-2020-22218An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.7.5
- CVE-2019-17498In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a...8.1
- CVE-2019-13115In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the ...8.1
- CVE-2019-3856An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH ...8.8
- CVE-2019-3857An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attack...8.8
- CVE-2019-3860An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denia...5.0
- CVE-2019-3861An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a S...5.0
- CVE-2019-3863A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than u...7.5