threatengine.sh
Product
libssh2
16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-7598
<= 1.11.1
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the
7.3
HIGH
CVE-2023-48795
< 1.11.1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker
5.9
MEDIUM
CVE-2020-22218
all versions
An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
7.5
HIGH
CVE-2019-17498
<= 1.9.0
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabli
8.1
HIGH
CVE-2019-13115
< 1.9.0
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could
8.1
HIGH
CVE-2019-3861
>= 0.15 and <= 1.8.0
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than
5.0
MEDIUM
CVE-2019-3860
>= 0.3 and <= 1.8.0
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote
5.0
MEDIUM
CVE-2019-3857
>= 1.2.8 and <= 1.8.0
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHAN
8.8
HIGH
CVE-2019-3856
< 1.8.1
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard p
8.8
HIGH
CVE-2019-3863
< 1.8.1
A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard
7.5
HIGH
CVE-2019-3858
< 1.8.1
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server
5.0
MEDIUM
CVE-2019-3855
< 1.8.1
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are
8.8
HIGH
CVE-2019-3862
< 1.8.1
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status m
7.3
HIGH
CVE-2019-3859
< 1.8.1
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev func
9.1
CRITICAL
CVE-2016-0787
<= 1.6.0
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes i
5.9
MEDIUM
CVE-2015-1782
<= 1.4.3
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other un
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin