Home

Description

A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.

PUBLISHED Reserved 2026-01-14 | Published 2026-03-26 | Updated 2026-05-19 | Assigner redhat




MEDIUM: 6.5CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Problem types

Buffer Underwrite ('Buffer Underflow')

Product status

Default status
affected

0:0.12.0-2.el10 (rpm) before *
unaffected

Default status
affected

0:0.10.4-18.el9 (rpm) before *
unaffected

Default status
affected

0:0.10.4-18.el9 (rpm) before *
unaffected

Default status
affected

0.12.0-1.1.hum1 (rpm) before *
unaffected

Default status
unaffected

Default status
unaffected

Default status
affected

Default status
unaffected

Default status
affected

Timeline

2026-01-26:Reported to Red Hat.
2026-02-10:Made public.

Credits

Red Hat would like to thank Jakub Jelen (libssh), Jun Xu, Kang Yang, and Yunhang Zhang for reporting this issue.

References

access.redhat.com/errata/RHSA-2026:18160 (RHSA-2026:18160) vendor-advisory

access.redhat.com/errata/RHSA-2026:18683 (RHSA-2026:18683) vendor-advisory

access.redhat.com/errata/RHSA-2026:7067 (RHSA-2026:7067) vendor-advisory

access.redhat.com/security/cve/CVE-2026-0966 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2433121 (RHBZ#2433121) issue-tracking

www.libssh.org/...ibssh-0-12-0-and-0-11-4-security-releases/

cve.org (CVE-2026-0966)

nvd.nist.gov (CVE-2026-0966)

Download JSON