CVE ID :CVE-2026-58050
Published : June 28, 2026, 1:32 a.m. | 18 hours, 27 minutes ago
Description :libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap buffer overflow in a connecting libssh2 client.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More
