Known Vulnerabilities for products from Libssh
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libssh".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-0968 json | Not Provided | 2026-03-26 | 2026-04-13 | |
| CVE-2026-0967 json | A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft sp... | Not Provided | 2026-03-26 | 2026-04-02 |
| CVE-2026-0966 json | A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-lengt... | Not Provided | 2026-03-26 | 2026-05-11 |
| CVE-2026-0965 json | A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can ex... | Not Provided | 2026-03-26 | 2026-04-02 |
| CVE-2026-0964 json | A malicious SCP server can send unexpected paths that could make the client application override local files outside of worki... | Not Provided | 2026-03-26 | 2026-04-30 |
| CVE-2025-14821 json | A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure She... | Not Provided | 2026-04-07 | 2026-04-29 |
| CVE-2025-8277 json | Not Provided | 2025-09-09 | 2026-05-06 | |
| CVE-2025-4878 json | Not Provided | 2025-07-22 | 2026-05-06 | |
| CVE-2023-48795 json | Not Provided | 2023-12-18 | 2026-05-12 | |
| CVE-2023-6918 json | 5.3 - MEDIUM | 2023-12-19 | 2024-01-04 | |
| CVE-2023-6004 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.8 - MEDIUM | 2024-01-03 | 2024-01-25 |
| CVE-2023-3603 json | A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The... | 6.5 - MEDIUM | 2023-07-21 | 2023-11-07 |
| CVE-2023-2283 json | A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verif... | 6.5 - MEDIUM | 2023-05-26 | 2024-02-01 |
| CVE-2023-1667 json | A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticate... | 6.5 - MEDIUM | 2023-05-26 | 2023-12-22 |
| CVE-2021-3634 json | A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lif... | 6.5 - MEDIUM | 2021-08-31 | 2023-12-22 |
| CVE-2020-16135 json | libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. | 5.9 - MEDIUM | 2020-07-29 | 2023-11-07 |
| CVE-2020-1730 json | A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) c... | 5.3 - MEDIUM | 2020-04-13 | 2023-11-07 |
| CVE-2019-14889 json | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP cl... | 8.8 - HIGH | 2019-12-10 | 2023-11-07 |
| CVE-2018-10933 json | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could cre... | 9.1 - CRITICAL | 2018-10-17 | 2019-10-09 |
| CVE-2016-0739 json | libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman... | Not Provided | 2016-04-13 | 2026-05-06 |
Known software with vulnerabilities from Libssh
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Libssh | Libssh | 0.4.7 |