CVE-2026-58050
Received - Intake

Heap Buffer Overflow in libssh2 Client Library

Publication date: 2026-06-28

Last updated on: 2026-06-28

Assigner: VulnCheck

Description

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap buffer overflow in a connecting libssh2 client.
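
The size arithmetic described above, as an added example that is not libssh2's code or its fix. The function names are hypothetical, `ATTR_SIZE` (20 bytes) is an assumed 32-bit layout of `libssh2_publickey_attribute`, `ATTR_WIRE_MIN` (9 bytes) is an assumed minimum encoded attribute size, and `size_t` is modeled as `uint32_t` so the wraparound shows on any host.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: models sizeof(libssh2_publickey_attribute) on a typical
 * 32-bit ABI (two pointers, two unsigned longs, one char, padded). */
#define ATTR_SIZE 20u
/* Assumption: smallest attribute on the wire is two 4-byte length
 * prefixes plus a 1-byte mandatory flag. */
#define ATTR_WIRE_MIN 9u
/* Constructed sample: smallest count whose product no longer fits in 32 bits. */
#define WRAP_COUNT (UINT32_MAX / ATTR_SIZE + 1u)

/* Unchecked pattern from the description: count * element size,
 * truncated to the 32-bit width of size_t on the affected platforms. */
uint32_t alloc_size_unchecked(uint32_t num_attrs)
{
    return (uint32_t)(num_attrs * ATTR_SIZE);   /* wraps modulo 2^32 */
}

/* Hardened pattern: returns 0 and stores the size in *out, or -1 when the
 * count would wrap the multiplication or cannot fit in the bytes that
 * remain in the response. */
int alloc_size_checked(uint32_t num_attrs, uint32_t bytes_left, uint32_t *out)
{
    if (num_attrs > UINT32_MAX / ATTR_SIZE)
        return -1;                  /* product would overflow */
    if (num_attrs > bytes_left / ATTR_WIRE_MIN)
        return -1;                  /* more attributes than the packet can carry */
    *out = num_attrs * ATTR_SIZE;
    return 0;
}

int main(void)
{
    uint32_t size = 0;
    printf("count=%u unchecked allocation=%u bytes\n",
           (unsigned)WRAP_COUNT, (unsigned)alloc_size_unchecked(WRAP_COUNT));
    printf("checked, oversized count: %d\n",
           alloc_size_checked(WRAP_COUNT, 4096u, &size));
    if (alloc_size_checked(3u, 4096u, &size) == 0)
        printf("checked, count=3: %u bytes\n", (unsigned)size);
    return 0;
}
```

The second check matters on 64-bit builds too: it rejects a count that passes the overflow test but exceeds what the received packet could contain.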

Meta Information

Published: 2026-06-28
Last Modified: 2026-06-28
Generated: 2026-06-28
AI Q&A: 2026-06-28
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor: libssh2
Product: libssh2
Version / Range: up to and including 1.11.1

Exploitability

CWE
CWE-190: The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Executive Summary

CVE-2026-58050 is a high-severity integer overflow vulnerability in libssh2 versions up to and including 1.11.1. The vulnerability occurs in the publickey subsystem when libssh2 reads a 32-bit attribute count from a malicious SSH server's response. This attribute count is used to calculate memory allocation without proper bounds checking. On 32-bit platforms, this calculation can overflow, resulting in an undersized buffer.

Because of this overflow, an attacker-controlled SSH server can exploit the vulnerability by causing the attribute-parsing loop to write beyond the allocated memory buffer, leading to a heap buffer overflow in the libssh2 client.

Impact Analysis

This vulnerability can lead to a heap buffer overflow in the libssh2 client when connecting to a malicious SSH server. Such a buffer overflow can cause crashes, memory corruption, or potentially allow an attacker to execute arbitrary code on the client system.

Since the vulnerability is exploitable remotely by a malicious SSH server, it poses a significant security risk, especially on 32-bit platforms where the integer overflow occurs.

Mitigation Strategies

The vulnerability affects libssh2 versions up to and including 1.11.1. To mitigate it, upgrade libssh2 to a version later than 1.11.1 in which this integer overflow is fixed.

Additionally, avoid connecting to untrusted or malicious SSH servers, especially on 32-bit platforms where the overflow occurs.
