CVE-2026-0967
EUVD-2026-1633226.03.2026, 21:17
A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libssh | libssh | 𝑥 ≤ 0.11.3 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| libssh-config |
| ||||||||
| libssh-devel |
| ||||||||
| libssh4 |
| ||||||||
| libssh4-32bit |
|
Common Weakness Enumeration