CVE-2026-7598
Integer Overflow in libssh2 via userauth_password
Publication date: 2026-05-01
Last updated on: 2026-05-04
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libssh2 | libssh2 | to 1.11.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-189 | |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in libssh2 versions up to 1.11.1, specifically in the function userauth_password within the file src/userauth.c.
The issue arises due to manipulation of the arguments username_len and password_len, which leads to an integer overflow.
An attacker can exploit this vulnerability remotely.
A patch identified by the commit 256d04b60d80bf1190e96b0ad1e91b2174d744b1 has been released to fix this issue.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to security risks due to the integer overflow in the authentication function.
Since the vulnerability can be triggered remotely, an attacker might be able to compromise the authentication process.
This could potentially allow unauthorized access or other malicious actions depending on the context in which libssh2 is used.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the patch named 256d04b60d80bf1190e96b0ad1e91b2174d744b1 to the libssh2 library.