Known Vulnerabilities for products from Libssh2
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libssh2".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-58051 json | libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing pop... | Not Provided | 2026-06-28 | 2026-06-30 |
| CVE-2026-58050 json | libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in... | Not Provided | 2026-06-28 | 2026-06-30 |
| CVE-2026-55200 json | libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that f... | Not Provided | 2026-06-17 | 2026-07-14 |
| CVE-2026-55199 json | libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG... | Not Provided | 2026-06-17 | 2026-07-14 |
| CVE-2026-7598 json | A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of... | Not Provided | 2026-05-01 | 2026-07-15 |
| CVE-2025-15661 json | libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() func... | Not Provided | 2026-06-18 | 2026-07-14 |
| CVE-2023-48795 json | Not Provided | 2023-12-18 | 2026-05-12 | |
| CVE-2023-6918 json | 5.3 - MEDIUM | 2023-12-19 | 2024-01-04 | |
| CVE-2020-22218 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-08-22 | 2023-10-06 |
| CVE-2019-17498 json | In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, e... | 8.1 - HIGH | 2019-10-21 | 2023-11-07 |
| CVE-2019-13115 json | In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that c... | 8.1 - HIGH | 2019-07-16 | 2023-11-07 |
| CVE-2019-3863 json | A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total l... | 8.8 - HIGH | 2019-03-25 | 2023-11-07 |
| CVE-2019-3862 json | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit sta... | 9.1 - CRITICAL | 2019-03-21 | 2023-11-07 |
| CVE-2019-3861 json | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater ... | 9.1 - CRITICAL | 2019-03-25 | 2023-11-07 |
| CVE-2019-3860 json | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A r... | 9.1 - CRITICAL | 2019-03-25 | 2023-11-07 |
| CVE-2019-3859 json | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev... | 9.1 - CRITICAL | 2019-03-21 | 2023-11-07 |
| CVE-2019-3858 json | An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the s... | 9.1 - CRITICAL | 2019-03-21 | 2023-11-07 |
| CVE-2019-3857 json | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG... | 8.8 - HIGH | 2019-03-25 | 2023-11-07 |
| CVE-2019-3856 json | An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keybo... | 8.8 - HIGH | 2019-03-25 | 2023-11-07 |
| CVE-2019-3855 json | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets... | 8.8 - HIGH | 2019-03-21 | 2023-11-07 |
Known software with vulnerabilities from Libssh2
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Libssh2 | Libssh2 | 0.1 |