DEBIAN-CVE-2026-0966
PUBLISHED
CVSS 8.2 HIGH
A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.
Risk Scores
CVSS v3.1
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | libssh | 0.10.5-3, 0.10.5-3, 0.10.6-0 |
| Debian:14 | libssh | 0.11.3-1, 0.11.2-1, 0 |
| Debian:11 | libssh | 0.12.0-1, 0.12.0-2, 0.12.0-3 |
| Debian:13 | libssh | 0.12.0-3, 0, 0.11.2-1 |
Timeline
- Mar 26, 2026 CVE Published
- May 12, 2026 CVE Updated