CVE-2026-3731

EUVD-2026-10234

08.03.2026, 11:15

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
libssh	libssh	𝑥 ≤ 0.11.3

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

libssh

bionic	Fixed 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm7 released
focal	Fixed 0.9.3-2ubuntu2.5+esm4 released
jammy	Fixed 0.9.6-2ubuntu0.22.04.7 released
noble	Fixed 0.10.6-2ubuntu0.4 released
questing	Fixed 0.11.2-1ubuntu0.3 released
xenial	Fixed 0.6.3-4.3ubuntu0.6+esm5 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60

https://vuldb.com/?ctiid.349709

https://vuldb.com/?id.349709

https://vuldb.com/?submit.767120

https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xz

https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt