Vulnerability Description
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libssh | Libssh | <= 0.11.3 |
Related Weaknesses (CWE)
References
- https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d8Patch
- https://vuldb.com/?ctiid.349709Permissions RequiredVDB Entry
- https://vuldb.com/?id.349709Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.767120Third Party AdvisoryVDB Entry
- https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xzPatchThird Party Advisory
- https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txtProduct
FAQ
What is CVE-2026-3731?
CVE-2026-3731 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Nam...
How severe is CVE-2026-3731?
CVE-2026-3731 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3731?
Check the references section above for vendor advisories and patch information. Affected products include: Libssh Libssh.