CVE-2026-58050 – libssh2 – Integer Overflow in publickey Subsystem Attribute Allocation

​CVE ID :CVE-2026-58050

Published : June 28, 2026, 1:32 a.m. | 18 hours, 27 minutes ago

Description :libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicious SSH server can then drive the attribute-parsing loop to write past the allocation, causing a heap buffer overflow in a connecting libssh2 client.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More