CVE-2026-55200 (GCVE-0-2026-55200)
Vulnerability from cvelistv5 – Published: 2026-06-17 19:03 – Updated: 2026-06-25 03:55 – X_Open Source – CWE-680 – Integer Overflow to Buffer Overflow
| URL | Tags |
|---|---|
| https://github.com/libssh2/libssh2/pull/2052 | issue-tracking |
| https://github.com/libssh2/libssh2/commit/97acf3d… | patch |
| https://www.vulncheck.com/advisories/libssh2-out-… | third-party-advisory |
| https://github.com/bikini/exploitarium/tree/main/… | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55200",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T03:55:24.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libssh2",
"repo": "https://github.com/libssh2/libssh2",
"vendor": "libssh2",
"versions": [
{
"lessThanOrEqual": "1.11.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7acf3dfda80c91c3a8c9f2372546301d4a1a7a8",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tristan Madani (@TristanInSec)"
}
],
"datePublic": "2026-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T11:46:01.897Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Pull Request",
"tags": [
"issue-tracking"
],
"url": "https://github.com/libssh2/libssh2/pull/2052"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c"
}
],
"tags": [
"x_open-source"
],
"title": "libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-55200",
"datePublished": "2026-06-17T19:03:15.183Z",
"dateReserved": "2026-06-16T15:53:37.764Z",
"dateUpdated": "2026-06-25T03:55:24.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-55200",
"date": "2026-06-29",
"epss": "0.00922",
"percentile": "0.55838"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-55200\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-06-17T20:17:28.667\",\"lastModified\":\"2026-06-26T19:15:53.083\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.\"}],\"affected\":[{\"source\":\"disclosure@vulncheck.com\",\"affectedData\":[{\"vendor\":\"libssh2\",\"product\":\"libssh2\",\"defaultStatus\":\"unaffected\",\"repo\":\"https://github.com/libssh2/libssh2\",\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"1.11.1\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7acf3dfda80c91c3a8c9f2372546301d4a1a7a8\",\"versionType\":\"git\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.2,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackCo
mplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-17T00:00:00+00:00\",\"id\":\"CVE-2026-55200\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA 
Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-680\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.11.1\",\"matchCriteriaId\":\"00D62356-F677-41CF-AC66-2871AD2112BA\"}]}]}],\"references\":[{\"url\":\"https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/libssh2/libssh2/pull/2052\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-55200\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-24T15:29:08.618049Z\"}}}], \"references\": [{\"url\": \"https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-17T19:45:05.382Z\"}}], \"cna\": {\"tags\": [\"x_open-source\"], \"title\": \"libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Tristan Madani (@TristanInSec)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": 
\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/libssh2/libssh2\", \"vendor\": \"libssh2\", \"product\": \"libssh2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.11.1\"}, {\"status\": \"unaffected\", \"version\": \"7acf3dfda80c91c3a8c9f2372546301d4a1a7a8\", \"versionType\": \"git\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-06-12T00:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/libssh2/libssh2/pull/2052\", \"name\": \"Pull Request\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8\", \"name\": \"Patch Commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. 
Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-680\", \"description\": \"Integer Overflow to Buffer Overflow\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"1.11.1\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-06-18T11:46:01.897Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-55200\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-24T15:29:12.133Z\", \"dateReserved\": \"2026-06-16T15:53:37.764Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-06-17T19:03:15.183Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0812
Vulnerability from certfr_avis - Published: 2026-06-29 - Updated: 2026-06-29
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure Linux | azl3 libssh2 1.11.1-2 versions antérieures à 1.11.1-3 | ||
| Microsoft | Azure Linux | azl3 libssh2 1.11.1-3 versions antérieures à 1.11.1-3 | ||
| Microsoft | Azure Linux | azl3 nodejs 24.14.1-3 versions antérieures à 24.17.0-1 | ||
| Microsoft | Azure Linux | azl3 kernel 6.6.141.1-1 versions antérieures à 6.6.143.1-1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 libssh2 1.11.1-2 versions ant\u00e9rieures \u00e0 1.11.1-3",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libssh2 1.11.1-3 versions ant\u00e9rieures \u00e0 1.11.1-3",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 24.14.1-3 versions ant\u00e9rieures \u00e0 24.17.0-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.141.1-1 versions ant\u00e9rieures \u00e0 6.6.143.1-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-9697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
},
{
"name": "CVE-2026-53230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53230"
},
{
"name": "CVE-2026-52934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52934"
},
{
"name": "CVE-2026-53214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53214"
},
{
"name": "CVE-2026-53274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53274"
},
{
"name": "CVE-2026-52947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52947"
},
{
"name": "CVE-2026-53218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53218"
},
{
"name": "CVE-2026-53143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53143"
},
{
"name": "CVE-2026-53161",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53161"
},
{
"name": "CVE-2026-52924",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52924"
},
{
"name": "CVE-2026-53227",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53227"
},
{
"name": "CVE-2026-53239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53239"
},
{
"name": "CVE-2026-53181",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53181"
},
{
"name": "CVE-2026-52943",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52943"
},
{
"name": "CVE-2026-52915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52915"
},
{
"name": "CVE-2026-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53146"
},
{
"name": "CVE-2026-52913",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52913"
},
{
"name": "CVE-2026-52941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52941"
},
{
"name": "CVE-2026-53150",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53150"
},
{
"name": "CVE-2026-53147",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53147"
},
{
"name": "CVE-2026-52942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52942"
},
{
"name": "CVE-2026-53183",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53183"
},
{
"name": "CVE-2026-52931",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52931"
},
{
"name": "CVE-2026-52919",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52919"
},
{
"name": "CVE-2026-53266",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53266"
},
{
"name": "CVE-2026-53149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53149"
},
{
"name": "CVE-2026-53176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53176"
},
{
"name": "CVE-2026-53158",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53158"
},
{
"name": "CVE-2026-53219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53219"
},
{
"name": "CVE-2026-53249",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53249"
},
{
"name": "CVE-2026-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53217"
},
{
"name": "CVE-2026-52916",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52916"
},
{
"name": "CVE-2026-53236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53236"
},
{
"name": "CVE-2026-53225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53225"
},
{
"name": "CVE-2026-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52922"
},
{
"name": "CVE-2026-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53209"
},
{
"name": "CVE-2026-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53135"
},
{
"name": "CVE-2026-52927",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52927"
},
{
"name": "CVE-2026-53237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53237"
},
{
"name": "CVE-2026-53186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53186"
},
{
"name": "CVE-2026-53182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53182"
},
{
"name": "CVE-2026-53177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53177"
},
{
"name": "CVE-2026-53255",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53255"
},
{
"name": "CVE-2026-53207",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53207"
},
{
"name": "CVE-2026-53160",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53160"
},
{
"name": "CVE-2026-53245",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53245"
},
{
"name": "CVE-2026-53148",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53148"
},
{
"name": "CVE-2026-53133",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53133"
},
{
"name": "CVE-2026-53263",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53263"
},
{
"name": "CVE-2026-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53228"
},
{
"name": "CVE-2026-53194",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53194"
},
{
"name": "CVE-2026-53242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53242"
},
{
"name": "CVE-2026-53199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53199"
},
{
"name": "CVE-2026-53247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53247"
},
{
"name": "CVE-2026-53268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53268"
},
{
"name": "CVE-2026-53159",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53159"
},
{
"name": "CVE-2026-9675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9675"
},
{
"name": "CVE-2026-53080",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53080"
},
{
"name": "CVE-2026-53267",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53267"
},
{
"name": "CVE-2026-52912",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52912"
},
{
"name": "CVE-2026-53221",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53221"
},
{
"name": "CVE-2026-53275",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53275"
},
{
"name": "CVE-2026-55200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55200"
},
{
"name": "CVE-2026-53215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53215"
},
{
"name": "CVE-2026-53253",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53253"
},
{
"name": "CVE-2026-53252",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53252"
},
{
"name": "CVE-2026-53270",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53270"
},
{
"name": "CVE-2026-53264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53264"
},
{
"name": "CVE-2026-53184",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53184"
},
{
"name": "CVE-2026-53254",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53254"
},
{
"name": "CVE-2026-53238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53238"
},
{
"name": "CVE-2026-52921",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52921"
},
{
"name": "CVE-2026-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53213"
},
{
"name": "CVE-2026-52930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52930"
},
{
"name": "CVE-2026-53265",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53265"
},
{
"name": "CVE-2026-52923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52923"
},
{
"name": "CVE-2026-53154",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53154"
},
{
"name": "CVE-2026-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53196"
},
{
"name": "CVE-2026-52926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-52926"
}
],
"initial_release_date": "2026-06-29T00:00:00",
"last_revision_date": "2026-06-29T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0812",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Linux. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Linux",
"vendor_advisories": [
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53215",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53215"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53209",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53209"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52912",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52912"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-9697",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9697"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53080",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53080"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53247",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53247"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53218",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53218"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53221"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53255",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53255"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52926",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52926"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52916",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52916"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52924",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52924"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53239",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53239"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53254",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53254"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-9675",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9675"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52930",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52930"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52941",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52941"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53236",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53236"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53176",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53176"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52942",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52942"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53268",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53268"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53266",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53266"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53160",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53160"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53148",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53148"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53270",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53270"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53217",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53217"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52934",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52934"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53253",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53253"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52943",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52943"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53227"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53182",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53182"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53230"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53186",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53186"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53184",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53184"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53161",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53161"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52923",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52923"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53237",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53237"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53213",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53213"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52947",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52947"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53245",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53245"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52922",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52922"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53159",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53159"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53150",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53150"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53275",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53275"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53133",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53133"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53264",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53264"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53267",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53267"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53265",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53265"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53196",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53196"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53219",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53219"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53149",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53149"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53242",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53242"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53146",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53146"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53252",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53252"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53194",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53194"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52919",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52919"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52931",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52931"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52921",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52921"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53181",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53181"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53154",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53154"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52913",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52913"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53135",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53135"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53183",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53183"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53249",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53249"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53228",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53228"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53147",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53147"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53143",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53143"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53158"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52915"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53238",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53238"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53263",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53263"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53207",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53207"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53225",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53225"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53214",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53214"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-55200",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55200"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53177",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53177"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53199",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53199"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52927",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52927"
},
{
"published_at": "2026-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53274",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53274"
}
]
}
FKIE_CVE-2026-55200
Vulnerability from fkie_nvd - Published: 2026-06-17 20:17 - Updated: 2026-06-18 04:17

| URL | Tags | ||
|---|---|---|---|
| disclosure@vulncheck.com | https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8 | ||
| disclosure@vulncheck.com | https://github.com/libssh2/libssh2/pull/2052 | ||
| disclosure@vulncheck.com | https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c |
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "libssh2",
"repo": "https://github.com/libssh2/libssh2",
"vendor": "libssh2",
"versions": [
{
"lessThanOrEqual": "1.11.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7acf3dfda80c91c3a8c9f2372546301d4a1a7a8",
"versionType": "git"
}
]
}
],
"source": "disclosure@vulncheck.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution."
}
],
"id": "CVE-2026-55200",
"lastModified": "2026-06-18T04:17:02.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-55200",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-17T20:17:28.667",
"references": [
{
"source": "disclosure@vulncheck.com",
"url": "https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8"
},
{
"source": "disclosure@vulncheck.com",
"url": "https://github.com/libssh2/libssh2/pull/2052"
},
{
"source": "disclosure@vulncheck.com",
"url": "https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Received",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-680"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
GHSA-R8MH-X5QV-7GG2
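Vulnerability from github – Published: 2026-06-17 21:34 – Updated: 2026-06-24 18:32

libssh2 through 1.11.1, fixed in commit 7acf3df, contains an out-of-bounds write vulnerability in ssh2_transport_read(), which fails to enforce an upper bound on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution. Note: the abbreviated hash 7acf3df, as published in this description, drops the leading 9 of the patch commit linked in the references below (97acf3dfda80c91c3a8c9f2372546301d4a1a7a8); use the full hash from the reference URL when checking whether a build contains the fix.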
{
"affected": [],
"aliases": [
"CVE-2026-55200"
],
"database_specific": {
"cwe_ids": [
"CWE-680"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T20:17:28Z",
"severity": "CRITICAL"
},
"details": "libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.",
"id": "GHSA-r8mh-x5qv-7gg2",
"modified": "2026-06-24T18:32:34Z",
"published": "2026-06-17T21:34:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55200"
},
{
"type": "WEB",
"url": "https://github.com/libssh2/libssh2/pull/2052"
},
{
"type": "WEB",
"url": "https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8"
},
{
"type": "WEB",
"url": "https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
MSRC_CVE-2026-55200
Vulnerability from csaf_microsoft - Published: 2026-06-02 00:00 - Updated: 2026-06-28 01:49

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 21485-17084 | — | ||
| Unresolved product id: 21318-17084 | — |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-55200 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-55200.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c",
"tracking": {
"current_release_date": "2026-06-28T01:49:43.000Z",
"generator": {
"date": "2026-06-28T07:10:57.312Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-55200",
"initial_release_date": "2026-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-06-27T01:09:36.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-06-28T01:49:43.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 libssh2 0:1.11.1-3.azl3",
"product": {
"name": "\u003cazl3 libssh2 0:1.11.1-3.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 libssh2 0:1.11.1-3.azl3",
"product": {
"name": "azl3 libssh2 0:1.11.1-3.azl3",
"product_id": "21485"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 libssh2 0:1.11.1-2.azl3",
"product": {
"name": "\u003cazl3 libssh2 0:1.11.1-2.azl3",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 libssh2 0:1.11.1-2.azl3",
"product": {
"name": "azl3 libssh2 0:1.11.1-2.azl3",
"product_id": "21318"
}
}
],
"category": "product_name",
"name": "libssh2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 libssh 0:0.10.6-8.azl3",
"product": {
"name": "azl3 libssh 0:0.10.6-8.azl3",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "libssh"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 nmap 0:7.95-3.azl3",
"product": {
"name": "azl3 nmap 0:7.95-3.azl3",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "nmap"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libssh2 0:1.11.1-3.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libssh2 0:1.11.1-3.azl3 as a component of Azure Linux 3.0",
"product_id": "21485-17084"
},
"product_reference": "21485",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libssh 0:0.10.6-8.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libssh2 0:1.11.1-2.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libssh2 0:1.11.1-2.azl3 as a component of Azure Linux 3.0",
"product_id": "21318-17084"
},
"product_reference": "21318",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nmap 0:7.95-3.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-55200",
"cwe": {
"id": "CWE-680",
"name": "Integer Overflow to Buffer Overflow"
},
"notes": [
{
"category": "general",
"text": "VulnCheck",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21485-17084",
"21318-17084"
],
"known_affected": [
"17084-1",
"17084-2",
"17084-3",
"17084-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-55200 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-55200.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-06-27T01:09:36.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-2"
]
},
{
"category": "none_available",
"date": "2026-06-27T01:09:36.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-4"
]
},
{
"category": "vendor_fix",
"date": "2026-06-27T01:09:36.000Z",
"details": "0:1.11.1-3.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1",
"17084-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-1",
"17084-2",
"17084-3",
"17084-4"
]
}
],
"title": "libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c"
}
]
}
NCSC-2026-0210
Vulnerability from csaf_ncscnl - Published: 2026-06-23 09:53 - Updated: 2026-06-24 09:01

libssh2 versions through 1.11.1 contain a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler that allows a malicious SSH server to cause client CPU exhaustion via a crafted extension count, fixed in commit 1762685.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Open Source / libssh2
|
vers:unknown/* | ||
|
vers:unknown/*
libssh2 / libssh2
|
vers:unknown/* |
libssh2 versions up to 1.11.1 contain an out-of-bounds write vulnerability in ssh2_transport_read() due to improper bounds checking on packet_length, enabling remote attackers to execute arbitrary code via crafted SSH packets.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Open Source / libssh2
|
vers:unknown/* | ||
|
vers:unknown/*
libssh2 / libssh2
|
vers:unknown/* |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy or incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "libssh heeft kwetsbaarheden verholpen in libssh2 tot en met versie 1.11.1.",
"title": "Feiten"
},
{
"category": "description",
"text": "De eerste kwetsbaarheid betreft een pre-authenticatie denial of service in de SSH_MSG_EXT_INFO handler. Een kwaadaardige SSH-server kan een speciaal geconstrueerde extension_count waarde sturen, waardoor de client in een CPU-uitputtingslus terechtkomt en de verwerking van SSH-berichten verstoord wordt. De tweede kwetsbaarheid zit in de ssh2_transport_read() functie, waar onjuiste bounds checking op de packet_length variabele leidt tot een out-of-bounds write. Dit kan door een aanvaller worden misbruikt om met speciaal geconstrueerde SSH-pakketten een Denial-of-Service te veroorzaken, of in theorie om willekeurige code uit te voeren op het getroffen systeem, indien er geen additionele maatregelen zijn genomen als Address Space Layout Randomization (ASLR). Dit is echter geen gebruikelijke instelling op systemen. Beide kwetsbaarheden zijn aanwezig in alle implementaties die libssh2 versie 1.11.1 of lager gebruiken.\n\nUpdate: Er is publieke PoC code verschenen die bevestigt dat de kwetsbaarheid onder specifieke mogelijkheden kan leiden tot het uitvoeren van willekeurige code.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "libssh heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Integer Overflow to Buffer Overflow",
"title": "CWE-680"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://github.com/advisories/GHSA-3CFQ-4XX4-RMPG"
},
{
"category": "external",
"summary": "Reference",
"url": "https://github.com/advisories/GHSA-R8MH-X5QV-7GG2"
}
],
"title": "Kwetsbaarheden verholpen in libssh2 door libssh",
"tracking": {
"current_release_date": "2026-06-24T09:01:34.970793Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0210",
"initial_release_date": "2026-06-23T09:53:49.169679Z",
"revision_history": [
{
"date": "2026-06-23T09:53:49.169679Z",
"number": "1.0.0",
"summary": "Initiele versie"
},
{
"date": "2026-06-24T09:01:34.970793Z",
"number": "1.0.1",
"summary": "Publieke PoC code verschenen."
}
],
"status": "final",
"version": "1.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "libssh2"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "libssh2"
}
],
"category": "vendor",
"name": "libssh2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-55199",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "other",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "description",
"text": "libssh2 versions through 1.11.1 contain a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler that allows a malicious SSH server to cause client CPU exhaustion via a crafted extension count, fixed in commit 1762685.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-55199 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55199.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-55199"
},
{
"cve": "CVE-2026-55200",
"notes": [
{
"category": "description",
"text": "libssh2 versions up to 1.11.1 contain an out-of-bounds write vulnerability in ssh2_transport_read() due to improper bounds checking on packet_length, enabling remote attackers to execute arbitrary code via crafted SSH packets.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-55200 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55200.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-55200"
}
]
}
RHSA-2026:29950
Vulnerability from csaf_redhat - Published: 2026-06-25 13:02 - Updated: 2026-06-30 02:58

A vulnerability in libssh2 allows a malicious SSH server to freeze connected clients during the handshake process. By sending a malformed packet, the server triggers a loop that exhausts the client's CPU, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libssh2-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libssh2-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libssh2-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libssh2-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
An out-of-bounds write vulnerability exists in the libssh2 client. A remote attacker can exploit this by sending a specially crafted SSH packet with an abnormally large length value. This corrupts the application's memory and can potentially allow the attacker to execute arbitrary code on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libssh2-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libssh2-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libssh2-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libssh2-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:29950 | self |
| https://images.redhat.com/ | external |
| https://access.redhat.com/security/cve/CVE-2026-55200 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/security/cve/CVE-2026-55199 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-55199 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490128 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-55199 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-55199 | external |
| https://github.com/libssh2/libssh2/commit/1762685… | external |
| https://github.com/libssh2/libssh2/pull/1864 | external |
| https://www.vulncheck.com/advisories/libssh2-pre-… | external |
| https://access.redhat.com/security/cve/CVE-2026-55200 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2490127 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-55200 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-55200 | external |
| https://github.com/libssh2/libssh2/commit/97acf3d… | external |
| https://github.com/libssh2/libssh2/pull/2052 | external |
| https://www.vulncheck.com/advisories/libssh2-out-… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nlibssh2:\n * libssh2-1.11.1-8.hum1 (aarch64, x86_64)\n * libssh2-devel-1.11.1-8.hum1 (aarch64, x86_64)\n * libssh2-docs-1.11.1-8.hum1 (noarch)\n * libssh2-1.11.1-8.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29950",
"url": "https://access.redhat.com/errata/RHSA-2026:29950"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55200",
"url": "https://access.redhat.com/security/cve/CVE-2026-55200"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-55199",
"url": "https://access.redhat.com/security/cve/CVE-2026-55199"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29950.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-30T02:58:22+00:00",
"generator": {
"date": "2026-06-30T02:58:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:29950",
"initial_release_date": "2026-06-25T13:02:46+00:00",
"revision_history": [
{
"date": "2026-06-25T13:02:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-25T14:41:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T02:58:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-main@aarch64",
"product": {
"name": "libssh2-main@aarch64",
"product_id": "libssh2-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh2@1.11.1-8.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-main@src",
"product": {
"name": "libssh2-main@src",
"product_id": "libssh2-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh2@1.11.1-8.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-main@x86_64",
"product": {
"name": "libssh2-main@x86_64",
"product_id": "libssh2-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh2@1.11.1-8.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-main@noarch",
"product": {
"name": "libssh2-main@noarch",
"product_id": "libssh2-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libssh2-docs@1.11.1-8.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:libssh2-main@aarch64"
},
"product_reference": "libssh2-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:libssh2-main@noarch"
},
"product_reference": "libssh2-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:libssh2-main@src"
},
"product_reference": "libssh2-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:libssh2-main@x86_64"
},
"product_reference": "libssh2-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-55199",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-17T20:01:26.309958+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490128"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in libssh2 allows a malicious SSH server to freeze connected clients during the handshake process. By sending a malformed packet, the server triggers a loop that exhausts the client\u0027s CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh2: libssh2: Denial of Service via crafted SSH_MSG_EXT_INFO message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Moderate-rated denial of service vulnerability in the libssh2 client allows a malicious SSH server to freeze the connecting application. By triggering an infinite CPU loop during the initial connection handshake, the server can render the client unresponsive. Note: Red Hat Enterprise Linux (RHEL) 8 and newer are not affected by this flaw, as they do not ship the libssh2 package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libssh2-main@aarch64",
"Red Hat Hardened Images:libssh2-main@noarch",
"Red Hat Hardened Images:libssh2-main@src",
"Red Hat Hardened Images:libssh2-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55199"
},
{
"category": "external",
"summary": "RHBZ#2490128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490128"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55199"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55199",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55199"
},
{
"category": "external",
"summary": "https://github.com/libssh2/libssh2/commit/17626857d20b3c9a1addfa45979dadcee1cd84a4",
"url": "https://github.com/libssh2/libssh2/commit/17626857d20b3c9a1addfa45979dadcee1cd84a4"
},
{
"category": "external",
"summary": "https://github.com/libssh2/libssh2/pull/1864",
"url": "https://github.com/libssh2/libssh2/pull/1864"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/libssh2-pre-authentication-dos-via-ssh-msg-ext-info-handler",
"url": "https://www.vulncheck.com/advisories/libssh2-pre-authentication-dos-via-ssh-msg-ext-info-handler"
}
],
"release_date": "2026-06-17T18:44:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T13:02:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libssh2-main@aarch64",
"Red Hat Hardened Images:libssh2-main@noarch",
"Red Hat Hardened Images:libssh2-main@src",
"Red Hat Hardened Images:libssh2-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29950"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure your libssh2 clients only connect to trusted SSH servers. You can enforce this by implementing outbound network access controls (egress filtering) to block applications from initiating connections to unknown or untrusted external hosts.",
"product_ids": [
"Red Hat Hardened Images:libssh2-main@aarch64",
"Red Hat Hardened Images:libssh2-main@noarch",
"Red Hat Hardened Images:libssh2-main@src",
"Red Hat Hardened Images:libssh2-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libssh2-main@aarch64",
"Red Hat Hardened Images:libssh2-main@noarch",
"Red Hat Hardened Images:libssh2-main@src",
"Red Hat Hardened Images:libssh2-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh2: libssh2: Denial of Service via crafted SSH_MSG_EXT_INFO message"
},
{
"cve": "CVE-2026-55200",
"discovery_date": "2026-06-17T20:01:16.724927+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2490127"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability exists in the libssh2 client. A remote attacker can exploit this by sending a specially crafted SSH packet with an abnormally large length value. This corrupts the application\u0027s memory and can potentially allow the attacker to execute arbitrary code on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh2: libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An Important out-of-bounds write vulnerability was discovered in libssh2. As it only impacts client installations of the library, exploitation would require a victim to initiate an SSH connection to an attacker-controlled server. This means an attacker must first redirect client connections via DNS poisoning, a man-in-the-middle, or compromise of a trusted host. While the vulnerability does not require authentication and requires no special configuration, the client redirection prerequisites significantly limit the practical attack surface compared to a server-side flaw.\n\nThe integer overflow provides uncontrolled access to the heap, which reliably crashes the client process but is unlikely to achieve remote code execution in practice. Weaponizing the overflow for code execution would require a separate information disclosure vulnerability to defeat ASLR, along with a specific heap layout to place exploitable structures adjacent to the undersized allocation. On RHEL, ASLR is enabled by default and glibc\u0027s heap metadata integrity checks further raise the bar, making denial of service the realistic impact for most deployments.\n\nRed Hat Enterprise Linux (RHEL) 8 and newer are not affected by this flaw, as they do not ship the libssh2 package.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libssh2-main@aarch64",
"Red Hat Hardened Images:libssh2-main@noarch",
"Red Hat Hardened Images:libssh2-main@src",
"Red Hat Hardened Images:libssh2-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-55200"
},
{
"category": "external",
"summary": "RHBZ#2490127",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490127"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-55200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-55200"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-55200",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55200"
},
{
"category": "external",
"summary": "https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8",
"url": "https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8"
},
{
"category": "external",
"summary": "https://github.com/libssh2/libssh2/pull/2052",
"url": "https://github.com/libssh2/libssh2/pull/2052"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c",
"url": "https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c"
}
],
"release_date": "2026-06-17T19:03:15.183000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T13:02:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libssh2-main@aarch64",
"Red Hat Hardened Images:libssh2-main@noarch",
"Red Hat Hardened Images:libssh2-main@src",
"Red Hat Hardened Images:libssh2-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29950"
},
{
"category": "workaround",
"details": "The primary mitigation is strict network access control. Ensure libssh2 clients only connect to trusted SSH servers, and use firewalls to block untrusted incoming connections if libssh2 is deployed as a server-side application.",
"product_ids": [
"Red Hat Hardened Images:libssh2-main@aarch64",
"Red Hat Hardened Images:libssh2-main@noarch",
"Red Hat Hardened Images:libssh2-main@src",
"Red Hat Hardened Images:libssh2-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libssh2-main@aarch64",
"Red Hat Hardened Images:libssh2-main@noarch",
"Red Hat Hardened Images:libssh2-main@src",
"Red Hat Hardened Images:libssh2-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh2: libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c"
}
]
}
SUSE-SU-2026:22284-1
Vulnerability from csaf_suse - Published: 2026-06-25 11:50 - Updated: 2026-06-25 11:50
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/s… | self |
| https://www.suse.com/support/update/announcement/… | self |
| https://lists.suse.com/pipermail/sle-updates/2026… | self |
| https://bugzilla.suse.com/1268530 | self |
| https://bugzilla.suse.com/1268531 | self |
| https://www.suse.com/security/cve/CVE-2026-55199/ | self |
| https://www.suse.com/security/cve/CVE-2026-55200/ | self |
| https://www.suse.com/security/cve/CVE-2026-55199 | external |
| https://bugzilla.suse.com/1268530 | external |
| https://www.suse.com/security/cve/CVE-2026-55200 | external |
| https://bugzilla.suse.com/1268531 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libssh2_org",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libssh2_org fixes the following issues\n\n- CVE-2026-55199: pre-Authentication DoS via SSH_MSG_EXT_INFO Handler (bsc#1268530).\n- CVE-2026-55200: out-of-Bounds write via Unchecked packet_length in transport.c (bsc#1268531).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-1078",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22284-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22284-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622284-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22284-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047674.html"
},
{
"category": "self",
"summary": "SUSE Bug 1268530",
"url": "https://bugzilla.suse.com/1268530"
},
{
"category": "self",
"summary": "SUSE Bug 1268531",
"url": "https://bugzilla.suse.com/1268531"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-55199 page",
"url": "https://www.suse.com/security/cve/CVE-2026-55199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-55200 page",
"url": "https://www.suse.com/security/cve/CVE-2026-55200/"
}
],
"title": "Security update for libssh2_org",
"tracking": {
"current_release_date": "2026-06-25T11:50:54Z",
"generator": {
"date": "2026-06-25T11:50:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22284-1",
"initial_release_date": "2026-06-25T11:50:54Z",
"revision_history": [
{
"date": "2026-06-25T11:50:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.11.1-160000.4.1.aarch64",
"product": {
"name": "libssh2-1-1.11.1-160000.4.1.aarch64",
"product_id": "libssh2-1-1.11.1-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.11.1-160000.4.1.ppc64le",
"product": {
"name": "libssh2-1-1.11.1-160000.4.1.ppc64le",
"product_id": "libssh2-1-1.11.1-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.11.1-160000.4.1.s390x",
"product": {
"name": "libssh2-1-1.11.1-160000.4.1.s390x",
"product_id": "libssh2-1-1.11.1-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.11.1-160000.4.1.x86_64",
"product": {
"name": "libssh2-1-1.11.1-160000.4.1.x86_64",
"product_id": "libssh2-1-1.11.1-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.1-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.aarch64"
},
"product_reference": "libssh2-1-1.11.1-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.1-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.ppc64le"
},
"product_reference": "libssh2-1-1.11.1-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.1-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.s390x"
},
"product_reference": "libssh2-1-1.11.1-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.11.1-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.x86_64"
},
"product_reference": "libssh2-1-1.11.1-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-55199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-55199"
}
],
"notes": [
{
"category": "general",
"text": "libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-55199",
"url": "https://www.suse.com/security/cve/CVE-2026-55199"
},
{
"category": "external",
"summary": "SUSE Bug 1268530 for CVE-2026-55199",
"url": "https://bugzilla.suse.com/1268530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:50:54Z",
"details": "moderate"
}
],
"title": "CVE-2026-55199"
},
{
"cve": "CVE-2026-55200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-55200"
}
],
"notes": [
{
"category": "general",
"text": "libssh2 through 1.11.1, fixed in commit 97acf3d, contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-55200",
"url": "https://www.suse.com/security/cve/CVE-2026-55200"
},
{
"category": "external",
"summary": "SUSE Bug 1268531 for CVE-2026-55200",
"url": "https://bugzilla.suse.com/1268531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:libssh2-1-1.11.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:50:54Z",
"details": "important"
}
],
"title": "CVE-2026-55200"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.