CVE-2026-58051
⚪ Do wiadomości
Błąd w libssh2 umożliwia zdalnemu serwerowi SSH manipulację pamięcią klienta.
CVSS
6.5
EPSS
0.3%
Exploit
none
Vendor
Opis źródłowy (NVD)
libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2_publickey_list_free operating on an uninitialized entry. A malicious SSH server offering the publickey subsystem can use a malformed response to make cleanup free an uninitialized, attacker-influenceable attrs pointer in a connecting libssh2 client.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 6.5 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.3% |
| Opublikowano (NVD) | 2026-06-28 02:16:32 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-29 19:09:08 UTC |
Referencje
- https://github.com/bikini/exploitarium/tree/main/libssh2-publickey-list-calc-poc (disclosure@vulncheck.com)
- https://github.com/libssh2/libssh2/blob/master/src/publickey.c (disclosure@vulncheck.com)
- https://www.vulncheck.com/advisories/libssh2-free-of-uninitialized-pointer-in-publickey-list-cleanup (disclosure@vulncheck.com)