Vulnerability Details CVE-2026-0966
The API function `ssh_get_hexa()` is vulnerable, when 0-lenght
input is provided to this function. This function is used internally
in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated),
which is vulnerable to the same input (length is provided by the
calling application).
The function is also used internally in the gssapi code for logging
the OIDs received by the server during GSSAPI authentication. This
could be triggered remotely, when the server allows GSSAPI authentication
and logging verbosity is set at least to SSH_LOG_PACKET (3). This
could cause self-DoS of the per-connection daemon process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.3%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-0966
-
cpe:2.3:a:libssh:libssh:-
-
cpe:2.3:a:libssh:libssh:0.10.0
-
cpe:2.3:a:libssh:libssh:0.10.1
-
cpe:2.3:a:libssh:libssh:0.10.2
-
cpe:2.3:a:libssh:libssh:0.10.3
-
cpe:2.3:a:libssh:libssh:0.10.4
-
cpe:2.3:a:libssh:libssh:0.10.5
-
cpe:2.3:a:libssh:libssh:0.10.6
-
cpe:2.3:a:libssh:libssh:0.11.0
-
cpe:2.3:a:libssh:libssh:0.11.1
-
cpe:2.3:a:libssh:libssh:0.11.2
-
cpe:2.3:a:libssh:libssh:0.4.7
-
cpe:2.3:a:libssh:libssh:0.4.8
-
cpe:2.3:a:libssh:libssh:0.5.0
-
cpe:2.3:a:libssh:libssh:0.5.1
-
cpe:2.3:a:libssh:libssh:0.5.2
-
cpe:2.3:a:libssh:libssh:0.5.3
-
cpe:2.3:a:libssh:libssh:0.5.4
-
cpe:2.3:a:libssh:libssh:0.5.5
-
cpe:2.3:a:libssh:libssh:0.6.0
-
cpe:2.3:a:libssh:libssh:0.6.1
-
cpe:2.3:a:libssh:libssh:0.6.2
-
cpe:2.3:a:libssh:libssh:0.6.3
-
cpe:2.3:a:libssh:libssh:0.6.4
-
cpe:2.3:a:libssh:libssh:0.6.5
-
cpe:2.3:a:libssh:libssh:0.7.0
-
cpe:2.3:a:libssh:libssh:0.7.1
-
cpe:2.3:a:libssh:libssh:0.7.2
-
cpe:2.3:a:libssh:libssh:0.7.3
-
cpe:2.3:a:libssh:libssh:0.7.4
-
cpe:2.3:a:libssh:libssh:0.7.5
-
cpe:2.3:a:libssh:libssh:0.7.6
-
cpe:2.3:a:libssh:libssh:0.7.7
-
cpe:2.3:a:libssh:libssh:0.8.0
-
cpe:2.3:a:libssh:libssh:0.8.1
-
cpe:2.3:a:libssh:libssh:0.8.2
-
cpe:2.3:a:libssh:libssh:0.8.3
-
cpe:2.3:a:libssh:libssh:0.8.4
-
cpe:2.3:a:libssh:libssh:0.8.5
-
cpe:2.3:a:libssh:libssh:0.8.6
-
cpe:2.3:a:libssh:libssh:0.8.7
-
cpe:2.3:a:libssh:libssh:0.8.8
-
cpe:2.3:a:libssh:libssh:0.8.9
-
cpe:2.3:a:libssh:libssh:0.9.0
-
cpe:2.3:a:libssh:libssh:0.9.1
-
cpe:2.3:a:libssh:libssh:0.9.2
-
cpe:2.3:a:libssh:libssh:0.9.3
-
cpe:2.3:a:libssh:libssh:0.9.4
-
cpe:2.3:a:libssh:libssh:0.9.5
-
cpe:2.3:a:libssh:libssh:0.9.6
-
cpe:2.3:a:libssh:libssh:0.9.7
-
cpe:2.3:a:libssh:libssh:0.9.8
-
cpe:2.3:a:redhat:hardened_images:-
-
cpe:2.3:a:redhat:openshift_container_platform:4.0
-
cpe:2.3:o:redhat:enterprise_linux:10.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0