VDB
DEBIAN-CVE-2026-0967
DEBIAN-CVE-2026-0967
PUBLISHED
CVSS 5.5 MEDIUM
A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | libssh | 0.11.2-1, 0.12.0-3, 0.12.0-2 |
| Debian:14 | libssh | 0.11.3-1, 0.11.2-1, 0 |
| Debian:11 | libssh | 0.10.6-2, 0.9.7-0+deb11u1, 0.9.8-0+deb11u2 |
| Debian:12 | libssh | 0.10.6-0, 0.10.6-1, 0.10.6-2 |
Timeline
- Mar 26, 2026 CVE Published
- Apr 28, 2026 CVE Updated