CVE-2026-55200
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce
CVSS
8.1
Alto
EPSS
0.7%
p50
KEV
—
Exploit Today
15
0-100
Publicado: 17 jun 2026 · Última mod.: 14 jul 2026 · CWE-680
0.7%EPSS · 30 días0.9%
2026-06-302026-07-17
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
- github.comhttps://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8
- github.comhttps://github.com/libssh2/libssh2/pull/2052
- www.vulncheck.comhttps://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c
- web.archive.orghttps://web.archive.org/web/20260623211210/https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc
Sin CVEs relacionados por CWE o producto.