CyberSec.Space Logo
返回 CVE 浏览器

CVE-2026-0966

HIGH
8.2
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile34.66th
Published2026年3月26日
Last Modified2026年5月19日

Vulnerability Description

A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.

Affected Platforms (CPE)

📦
Libssh

Libssh

< 0.11.4
📦
Redhat

Hardened Images

All versions
📦
Redhat

Openshift Container Platform

= 4.0
💻
Redhat

Enterprise Linux

= 8.0
💻
Redhat

Enterprise Linux

= 9.0
💻
Redhat

Enterprise Linux

= 10.0

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2026:18160
🔗 https://access.redhat.com/errata/RHSA-2026:18683
🔗 https://access.redhat.com/errata/RHSA-2026:7067
🔗 https://access.redhat.com/security/cve/CVE-2026-0966
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=2433121
🔗 https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/

相关漏洞威胁

CVE-2018-109339.1

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create c...

CVE-2019-148898.8

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client ...

CVE-2012-45607.5

Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute a...

CVE-2012-45627.5

Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and...