VDB

RHSA-2026%3A1541

RHSA-2026%3A1541 PUBLISHED CVSS 8.100000381469727 HIGH

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products

VendorProductVersions
Red Hatrhcos-ppc64le-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15rhcos-ppc64le-415.92.202601271320-0, rhcos-ppc64le-415.92.202601271320-0, rhcos-ppc64le-415.92.202601271320-0
Red Hatrhcos-x86_64-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15rhcos-x86_64-415.92.202601271320-0, rhcos-x86_64-415.92.202601271320-0, rhcos-x86_64-415.92.202601271320-0
Red Hatrhcos-s390x-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15rhcos-s390x-415.92.202601271320-0
Red Hatrhcos-aarch64-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15rhcos-aarch64-415.92.202601271320-0, rhcos-aarch64-415.92.202601271320-0, rhcos-aarch64-415.92.202601271320-0
Red Hatrhcos-ppc64le-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15rhcos-ppc64le-415.92.202601271320-0
Red Hatrhcos-s390x-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15rhcos-s390x-415.92.202601271320-0, rhcos-s390x-415.92.202601271320-0, rhcos-s390x-415.92.202601271320-0
Red Hatrhcos-x86_64-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15*
Red Hatrhcos-aarch64-415.92.202601271320-0 as a component of Red Hat OpenShift Container Platform 4.15*

Timeline

  • Feb 5, 2026 CVE Published
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›