CVE-2026-0968
Heap-Based Buffer Overflow in libssh SFTP Causes DoS
Publication date: 2026-03-26
Last updated on: 2026-04-13
Assigner: Red Hat, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| libssh | libssh | up to and including 0.11.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a malformed 'longname' field within the SSH_FXP_NAME message sent by a malicious SFTP server, which can cause libssh clients to crash or behave unexpectedly.
To detect this vulnerability on your system, you can monitor for crashes or denial of service symptoms in applications using libssh when connecting to SFTP servers.
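Network detection could involve capturing and analyzing SFTP traffic for SSH_FXP_NAME messages with malformed 'longname' fields. Because SFTP runs inside the encrypted SSH transport, this is only possible where the decrypted stream is available, for example on the client endpoint.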
However, no specific detection commands or signatures are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is recommended to update libssh to a version where this issue is fixed. Since the vulnerability allows a denial of service via malformed SFTP messages, avoiding connections to untrusted or malicious SFTP servers can reduce risk.
Additionally, monitoring for application crashes related to libssh during SFTP file listing operations may help identify exploitation attempts.
Can you explain this vulnerability to me?
This vulnerability exists in libssh where a malicious SFTP server can send a malformed 'longname' field within an SSH_FXP_NAME message during a file listing operation.
Because libssh lacks a null pointer check for this field, processing the malformed message can cause the library to read beyond the allocated memory on the heap.
This out-of-bounds read can lead to unexpected behavior or cause the application to crash, resulting in a denial of service (DoS).
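The check described above, shown in hardened form as an added example; this is not libssh's code, and `struct cursor`, `read_string`, `parse_name_entry`, `check` and the sample payloads are hypothetical. It assumes the SFTP version 3 layout, in which each SSH_FXP_NAME entry carries a length-prefixed `filename` followed by a length-prefixed `longname`, and uses an overlong length prefix as one constructed kind of malformed field (the page does not say how the field is malformed).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Cursor over one received SFTP payload (hypothetical type). */
struct cursor { const uint8_t *p; size_t left; };

/* Read an SSH "string" (uint32 big-endian length, then bytes) into a NUL-terminated
 * heap copy. Returns NULL if the prefix is truncated or overruns the payload. */
static char *read_string(struct cursor *c)
{
    if (c->left < 4) return NULL;
    uint32_t n = ((uint32_t)c->p[0] << 24) | ((uint32_t)c->p[1] << 16) |
                 ((uint32_t)c->p[2] << 8) | (uint32_t)c->p[3];
    if (n > c->left - 4) return NULL;   /* length overruns the payload */
    char *s = malloc((size_t)n + 1);
    if (s == NULL) return NULL;
    memcpy(s, c->p + 4, n);
    s[n] = '\0';
    c->p += 4 + (size_t)n; c->left -= 4 + (size_t)n;
    return s;
}

/* Parse filename and longname of one SSH_FXP_NAME entry. Returns 0 on success,
 * -1 on a malformed entry; the NULL check happens here, before any caller use. */
int parse_name_entry(struct cursor *c, char **filename, char **longname)
{
    *filename = read_string(c);
    *longname = (*filename != NULL) ? read_string(c) : NULL;
    if (*longname == NULL) {            /* also covers filename == NULL */
        free(*filename);
        *filename = NULL;
        return -1;
    }
    return 0;
}

/* Constructed payloads: well-formed, and longname length 0x100 with 2 bytes left. */
static const uint8_t GOOD[] = {0,0,0,1,'a', 0,0,0,2,'-','a'};
static const uint8_t BAD[]  = {0,0,0,1,'a', 0,0,1,0,'-','a'};

int check(const uint8_t *buf, size_t len)
{
    struct cursor c = { buf, len };
    char *f = NULL, *l = NULL;
    int rc = parse_name_entry(&c, &f, &l);
    free(f); free(l);
    return rc;
}
int main(void) { return !(check(GOOD, sizeof GOOD) == 0 && check(BAD, sizeof BAD) == -1); }
```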
How can this vulnerability impact me?
The primary impact of this vulnerability is that it can cause denial of service (DoS) by crashing applications that use libssh when interacting with a malicious SFTP server.
This means that systems relying on libssh for SFTP operations could become unavailable or unstable if exploited.
The severity is considered low, but it can disrupt services that depend on stable SSH file transfer functionality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.