Vulnerability: CVE-2026-55200 (CVSS 9.2) - libssh2 integer overflow to heap buffer overflow in ssh2_transport_read()
Affected: libssh2 <= 1.11.1 (all current releases)
Impact: A malicious SSH server can trigger memory corruption on a connecting client, leading to potential code execution. No credentials or user interaction required.
Details:
transport.c - packet_length field lacks upper bound check
Recommendation:
97acf3d to your bundled libssh2
References:
Discovered during security research. Hope this helps! https://buymeacoffee.com/muhamedfazalps
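
The bug class named under Details, a wire-supplied packet_length used without an upper bound, shown as an added sketch that is not part of the original report and is not libssh2 source. The function names, the 35000-byte cap (the total packet size RFC 4253 section 6.1 requires implementations to handle), the lower bound and the MAC ceiling are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed cap for this sketch: RFC 4253 section 6.1 requires support for
 * total packet sizes up to 35000 bytes; anything larger is rejected here. */
#define MAX_PACKET_LENGTH 35000u
/* Assumed lower bound: padding_length byte plus the 4-byte minimum padding. */
#define MIN_PACKET_LENGTH 5u
/* Assumed ceiling on MAC size for this sketch. */
#define MAX_MAC_LENGTH 64u

/* Big-endian uint32 from the first four bytes of an SSH binary packet. */
static uint32_t read_u32_be(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked pattern: the wire value feeds 32-bit arithmetic directly.
 * For packet_length near UINT32_MAX the sum wraps to a small number, so a
 * buffer sized from it is far smaller than the length trusted later. */
static uint32_t total_size_unchecked(const unsigned char *hdr, uint32_t mac_len)
{
    uint32_t packet_length = read_u32_be(hdr);
    return packet_length + 4u + mac_len; /* wraps modulo 2^32 */
}

/* Checked pattern: bound the field before any arithmetic or allocation.
 * Returns 0 and writes *total on success, -1 if the length is rejected. */
static int total_size_checked(const unsigned char *hdr, uint32_t mac_len,
                              size_t *total)
{
    uint32_t packet_length = read_u32_be(hdr);

    if (packet_length < MIN_PACKET_LENGTH || packet_length > MAX_PACKET_LENGTH)
        return -1;
    if (mac_len > MAX_MAC_LENGTH)
        return -1;
    *total = (size_t)packet_length + 4u + (size_t)mac_len;
    return 0;
}
```

The rejection path is where a client should drop the connection, before any buffer is sized from the field.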