| Title | libssh.org libssh libssh < 0.11.4; < 0.12.0 Out-of-Bounds Read |
|---|
| Description | The functions `sftp_extensions_get_name()` and `sftp_extensions_get_data()` had a wrong bounds check allowing to overrun allocated buffer, when queried for the extension name or data at an index matching the amount of extensions. The functions are used internally by libssh, which does not overrun the buffer, but they can be also used by end user applications if they want to query support for specific extension they want to use.
This is programming error. Vulnerable applications could cause crashes or printing or making decisions on uninitialized/unexpected data, but these are not controlled by any malicious server. |
|---|
| Source | ⚠️ https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt |
|---|
| User | Anonymous User |
|---|
| Submission | 02/25/2026 07:23 (1 month ago) |
|---|
| Moderation | 03/07/2026 18:55 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 349709 [libssh up to 0.11.3 SFTP Extension Name src/sftp.c sftp_extensions_get_name/sftp_extensions_get_data idx out-of-bounds] |
|---|
| Points | 20 |
|---|