| タイトル | libssh.org libssh libssh < 0.11.4; < 0.12.0 Out-of-Bounds Read |
|---|
| 説明 | The functions `sftp_extensions_get_name()` and `sftp_extensions_get_data()` had a wrong bounds check allowing to overrun allocated buffer, when queried for the extension name or data at an index matching the amount of extensions. The functions are used internally by libssh, which does not overrun the buffer, but they can be also used by end user applications if they want to query support for specific extension they want to use.
This is programming error. Vulnerable applications could cause crashes or printing or making decisions on uninitialized/unexpected data, but these are not controlled by any malicious server. |
|---|
| ソース | ⚠️ https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt |
|---|
| ユーザー | Anonymous User |
|---|
| 送信 | 2026年02月25日 07:23 (2 月 ago) |
|---|
| モデレーション | 2026年03月07日 18:55 (10 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 349709 [libssh 迄 0.11.3 SFTP Extension Name src/sftp.c sftp_extensions_get_name/sftp_extensions_get_data idx 情報漏えい] |
|---|
| ポイント | 20 |
|---|