
libssh/libssh
libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

Risk 31
Severity 6.9
EPSS 0.10%
First published (updated )

libssh libssh
Libssh: libssh: denial of service due to malformed sftp message

Risk 37
Severity 3.1
First published (updated )

libssh libssh
A malicious SFTP server can send malformed longname field of the `SSH_FXP_NAME` message (file listin…

Risk 5
Severity 1
First published (updated )

libssh libssh
Libssh: libssh: denial of service via inefficient regular expression processing

Risk 31
Severity 5.5
First published (updated )

libssh libssh
Libssh: libssh: denial of service via improper configuration file handling

Risk 18
Severity 3.3
First published (updated )

libssh libssh
libssh can try to open any file during configuration parsing, when misconfigured or when local attac…

Risk 5
Severity 1
First published (updated )

redhat Enterprise Linux
Libssh: improper sanitation of paths received from scp servers

Risk 45
Severity 6.3
First published (updated )

redhat Enterprise Linux
Libssh: libssh: denial of service via zero-length input in ssh_get_hexa()

Risk 54
Severity 8.2
First published (updated )

libssh libssh
Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows

Risk 69
Severity 7.8
First published (updated )

libssh libssh
An insecure default configuration vulnerability exists in libssh on Windows systems where the librar…

Risk 5
Severity 1
First published (updated )

Microsoft azl3 libssh 0.10.6-3
Libssh: memory exhaustion via repeated key exchange in libssh

Risk 17
Severity 3.1
First published (updated )

libssh libssh
Memory Exhaustion vulnerability in the key exchange logic of the libssh library. When an authenticat…

Risk 5
Severity 1
First published (updated )

libssh libssh
Libssh: null pointer dereference in libssh kex session id calculation

Risk 21
Severity 4.7
EPSS 0.01%
First published (updated )

libssh libssh
Null Pointer Dereference

Risk 19
Severity 4
First published (updated )

libssh libssh
Libssh: invalid return code for chacha20 poly1305 with openssl backend

Risk 56
Severity 8.1
EPSS 0.04%
First published (updated )

OpenSSL OpenSSL
If there is an error in initializing ChaCha20 cipher with OpenSSL, an invalid error code is returned…

Risk 19
Severity 4
First published (updated )

libssh libssh
Libssh: write beyond bounds in binary to base64 conversion functions

Risk 36
Severity 4.5
First published (updated )

libssh libssh
Integer Overflow

Risk 19
Severity 4
First published (updated )

libssh libssh
Libssh: use of uninitialized variable in privatekey_from_file()

Risk 26
Severity 3.6
First published (updated )

libssh 0.11.2 security and bugfix release


libssh libssh
Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service

Risk 40
Severity 6.5
First published (updated )

libssh libssh
Integer Overflow

Risk 19
Severity 4
First published (updated )

redhat Enterprise Linux
Libssh: incorrect return code handling in ssh_kdf() in libssh

Risk 84
Severity 8.8
First published (updated )

OpenSSL OpenSSL
Incorrect Success Return vulnerability in the ssh_kdf() function of libssh when built with OpenSSL v…

Risk 19
Severity 4
First published (updated )

redhat Enterprise Linux
Libssh: double free vulnerability in libssh key export functions

Risk 40
Severity 6.5
First published (updated )

libssh libssh
Double Free

Risk 19
Severity 4
First published (updated )

redhat Enterprise Linux
Libssh: out-of-bounds read in sftp_handle()

Risk 45
Severity 8.1
EPSS 0.04%
First published (updated )

libssh libssh
Out-of-Bounds Read vulnerability in the SFTP server implementation of libssh, specifically within th…

Risk 19
Severity 4
First published (updated )

CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling

CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203