CVE-2026-58050
Analyzed Analyzed - Analysis Complete

Heap Buffer Overflow in libssh2 Client Library

Vulnerability report for CVE-2026-58050, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-28

Last updated on: 2026-06-30

Assigner: VulnCheck

Description

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap buffer overflow in a connecting libssh2 client.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-28
Last Modified
2026-06-30
Generated
2026-07-18
AI Q&A
2026-06-28
EPSS Evaluated
2026-07-17
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
libssh2 libssh2 to 1.11.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-58050 is a high-severity integer overflow vulnerability in libssh2 versions up to and including 1.11.1. The vulnerability occurs in the publickey subsystem when libssh2 reads a 32-bit attribute count from a malicious SSH server's response. This attribute count is used to calculate memory allocation without proper bounds checking. On 32-bit platforms, this calculation can overflow, resulting in an undersized buffer.

Because of this overflow, an attacker-controlled SSH server can exploit the vulnerability by causing the attribute-parsing loop to write beyond the allocated memory buffer, leading to a heap buffer overflow in the libssh2 client.

Detection Guidance

Detection of CVE-2026-58050 involves identifying if your system uses a vulnerable version of libssh2 (up to 1.11.1) and monitoring for suspicious or malformed SSH publickey-subsystem responses that could trigger the integer overflow.

Since the vulnerability is triggered by a malicious SSH server sending crafted publickey-subsystem responses, network detection could focus on capturing and analyzing SSH traffic for abnormal attribute counts or malformed packets in the publickey subsystem.

There are no explicit detection commands provided in the available resources. However, you can check the libssh2 version on your system using commands like:

  • ldconfig -p | grep libssh2
  • dpkg -l | grep libssh2 (on Debian/Ubuntu)
  • rpm -qa | grep libssh2 (on RedHat/CentOS)

For network detection, using packet capture tools like tcpdump or Wireshark to filter SSH traffic and inspect publickey-subsystem responses for unusually large attribute counts could help identify exploitation attempts.

Example tcpdump command to capture SSH traffic:

  • tcpdump -i <interface> port 22 -w ssh_traffic.pcap

Then analyze ssh_traffic.pcap in Wireshark for anomalies in the publickey subsystem messages.

Impact Analysis

This vulnerability can lead to a heap buffer overflow in the libssh2 client when connecting to a malicious SSH server. Such a buffer overflow can cause crashes, memory corruption, or potentially allow an attacker to execute arbitrary code on the client system.

Since the vulnerability is exploitable remotely by a malicious SSH server, it poses a significant security risk, especially on 32-bit platforms where the integer overflow occurs.

Compliance Impact

The provided context and resources do not contain information regarding the impact of CVE-2026-58050 on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The vulnerability affects libssh2 versions up to and including 1.11.1. To mitigate this vulnerability, you should upgrade libssh2 to a version later than 1.11.1 where this integer overflow issue is fixed.

Additionally, avoid connecting to untrusted or malicious SSH servers, especially on 32-bit platforms where the overflow occurs.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58050. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart