Vulnerability Description
A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be triggered remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication, but only if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher, since the affected function is reached from the packet-level logging path. Successful exploitation could crash the per-connection daemon process, a self-inflicted denial of service for that connection.
CVSS Score
8.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libssh | libssh | < 0.11.4 |
| Red Hat | Hardened Images | - |
| Red Hat | OpenShift Container Platform | 4.0 |
| Red Hat | Enterprise Linux | 8.0 |
References
- https://access.redhat.com/errata/RHSA-2026:18160
- https://access.redhat.com/errata/RHSA-2026:18683
- https://access.redhat.com/errata/RHSA-2026:7067 (Vendor Advisory)
- https://access.redhat.com/security/cve/CVE-2026-0966 (Mitigation, Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2433121 (Issue Tracking, Vendor Advisory)
- https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ (Release Notes)
FAQ
What is CVE-2026-0966?
CVE-2026-0966 is a denial-of-service flaw in libssh with a CVSS base score of 8.2 (HIGH). The API function `ssh_get_hexa()` mishandles zero-length input; an attacker can trigger this remotely during GSSAPI (Generic Security Service Application Program Interface) authentication when the server's logging verbosity is `SSH_LOG_PACKET (3)` or higher, crashing the per-connection daemon process.
How severe is CVE-2026-0966?
CVE-2026-0966 has been rated HIGH with a CVSS base score of 8.2/10. Note that the trigger depends on the server running at packet-level log verbosity, so servers at the default verbosity are not exposed to the reported condition.
Is there a patch for CVE-2026-0966?
Yes. libssh versions before 0.11.4 are affected; the upstream 0.11.4 and 0.12.0 security releases (see the release notes in the references) address the issue, and Red Hat has published errata (listed in the references) for its affected products: Hardened Images, OpenShift Container Platform 4.0, and Enterprise Linux 8.0.