Known Vulnerabilities for products from Libssh
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libssh".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-0968 json | A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malfor... | Not Provided | 2026-03-26 | 2026-05-19 |
| CVE-2026-0967 json | A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft sp... | Not Provided | 2026-03-26 | 2026-05-19 |
| CVE-2026-0966 json | A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-lengt... | Not Provided | 2026-03-26 | 2026-05-19 |
| CVE-2026-0965 json | A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can ex... | Not Provided | 2026-03-26 | 2026-05-19 |
| CVE-2026-0964 json | A malicious SCP server can send unexpected paths that could make the client application override local files outside of worki... | Not Provided | 2026-03-26 | 2026-05-19 |
| CVE-2025-14821 json | Not Provided | 2026-04-07 | 2026-04-28 | |
| CVE-2025-8277 json | Not Provided | 2025-09-09 | 2026-05-19 | |
| CVE-2025-8114 json | A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchan... | Not Provided | 2025-07-24 | 2026-05-19 |
| CVE-2025-5351 json | A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for convert... | Not Provided | 2025-07-04 | 2026-05-19 |
| CVE-2025-4878 json | Not Provided | 2025-07-22 | 2026-05-19 | |
| CVE-2025-4877 json | Not Provided | 2025-08-20 | 2026-05-19 | |
| CVE-2023-6918 json | 5.3 - MEDIUM | 2023-12-19 | 2024-01-04 | |
| CVE-2023-6004 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.8 - MEDIUM | 2024-01-03 | 2024-01-25 |
| CVE-2023-3603 json | A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The... | 6.5 - MEDIUM | 2023-07-21 | 2023-11-07 |
| CVE-2023-2283 json | A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verif... | 6.5 - MEDIUM | 2023-05-26 | 2024-02-01 |
| CVE-2023-1667 json | A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticate... | 6.5 - MEDIUM | 2023-05-26 | 2023-12-22 |
| CVE-2021-3634 json | A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lif... | 6.5 - MEDIUM | 2021-08-31 | 2023-12-22 |
| CVE-2020-16135 json | libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. | 5.9 - MEDIUM | 2020-07-29 | 2023-11-07 |
| CVE-2020-1730 json | A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) c... | 5.3 - MEDIUM | 2020-04-13 | 2023-11-07 |
| CVE-2019-14889 json | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP cl... | 8.8 - HIGH | 2019-12-10 | 2023-11-07 |
Known software with vulnerabilities from Libssh
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Libssh | Libssh | 0.4.7 |