Search CVE reports

[Denial of Service due to malformed SFTP message]

[Denial of Service via inefficient regular expression processing]

[Buffer underflow in ssh_get_hexa() on invalid input]

[Denial of Service via improper configuration file handling]

[Improper sanitation of paths received from SCP servers]

[Insecure default configuration leads to local man-in-the-middle attacks on Windows]

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory....

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL...

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context....

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads...