Known Vulnerabilities for products from Libssh

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libssh".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-0968 json	A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malfor...	Not Provided	2026-03-26	2026-04-13
CVE-2026-0967 json	A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft sp...	Not Provided	2026-03-26	2026-04-02
CVE-2026-0965 json	A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can ex...	Not Provided	2026-03-26	2026-04-02
CVE-2025-14821 json		Not Provided	2026-04-07	2026-04-08
CVE-2023-48795 json		5.9 - MEDIUM	2023-12-18	2024-03-13
CVE-2023-6918 json		5.3 - MEDIUM	2023-12-19	2024-01-04
CVE-2023-6004 json	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	4.8 - MEDIUM	2024-01-03	2024-01-25
CVE-2023-3603 json	A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The...	6.5 - MEDIUM	2023-07-21	2023-11-07
CVE-2023-2283 json	A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verif...	6.5 - MEDIUM	2023-05-26	2024-02-01
CVE-2023-1667 json	A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticate...	6.5 - MEDIUM	2023-05-26	2023-12-22
CVE-2021-3634 json	A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lif...	6.5 - MEDIUM	2021-08-31	2023-12-22
CVE-2020-16135 json	libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.	5.9 - MEDIUM	2020-07-29	2023-11-07
CVE-2020-1730 json	A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) c...	5.3 - MEDIUM	2020-04-13	2023-11-07
CVE-2019-14889 json	A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP cl...	8.8 - HIGH	2019-12-10	2023-11-07
CVE-2018-10933 json	A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could cre...	9.1 - CRITICAL	2018-10-17	2019-10-09
CVE-2016-0739 json	libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman...	5.9 - MEDIUM	2016-04-13	2017-12-09
CVE-2015-3146 json	The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly va...	7.5 - HIGH	2016-04-13	2016-04-20
CVE-2014-8132 json	Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote at...	5 - MEDIUM	2014-12-29	2018-10-30
CVE-2014-0017 json	The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pse...	1.9 - LOW	2014-03-14	2014-03-26
CVE-2013-0176 json	The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remot...	4.3 - MEDIUM	2013-02-05	2017-08-29

Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Libssh

Type	Vendor	Product	Version
Application	Libssh	Libssh	0.4.7