Known Vulnerabilities for products from Libssh
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Libssh".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-0968 | Not Provided | 2026-03-26 | 2026-03-27 | |
| CVE-2026-0967 | Not Provided | 2026-03-26 | 2026-03-27 | |
| CVE-2026-0965 | Not Provided | 2026-03-26 | 2026-03-30 | |
| CVE-2021-3634 | A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lif... | 6.5 - MEDIUM | 2021-08-31 | 2023-12-22 |
| CVE-2020-16135 | libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. | 5.9 - MEDIUM | 2020-07-29 | 2023-11-07 |
| CVE-2020-1730 | A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) c... | 5.3 - MEDIUM | 2020-04-13 | 2023-11-07 |
| CVE-2019-14889 | A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP cl... | 8.8 - HIGH | 2019-12-10 | 2023-11-07 |
| CVE-2018-10933 | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could cre... | 9.1 - CRITICAL | 2018-10-17 | 2019-10-09 |
| CVE-2016-0739 | libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman... | 5.9 - MEDIUM | 2016-04-13 | 2017-12-09 |
| CVE-2015-3146 | The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly va... | 7.5 - HIGH | 2016-04-13 | 2016-04-20 |
| CVE-2014-8132 | Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote at... | 5 - MEDIUM | 2014-12-29 | 2018-10-30 |
| CVE-2014-0017 | The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pse... | 1.9 - LOW | 2014-03-14 | 2014-03-26 |
| CVE-2013-0176 | The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remot... | 4.3 - MEDIUM | 2013-02-05 | 2017-08-29 |
| CVE-2012-6063 | Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a deni... | 7.5 - HIGH | 2012-11-30 | 2012-12-19 |
| CVE-2012-4562 | Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash... | 7.5 - HIGH | 2012-11-30 | 2017-08-29 |
| CVE-2012-4561 | The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id f... | 5 - MEDIUM | 2012-11-30 | 2017-08-29 |
| CVE-2012-4560 | Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly exec... | 7.5 - HIGH | 2012-11-30 | 2017-08-29 |
| CVE-2012-4559 | Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels... | 6.8 - MEDIUM | 2012-11-30 | 2017-08-29 |
Known software with vulnerabilities from Libssh
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Libssh | Libssh | 0.4.7 |