CVE-2026-0966

{"id": "CVE-2026-0966", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2026-03-26T21:17:00.783", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:18160", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:18683", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:7067", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-0966", "tags": ["Mitigation", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433121", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/", "tags": ["Release Notes"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-124"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process."}, {"lang": "es", "value": "La funci\u00f3n API 'ssh_get_hexa()' es vulnerable cuando se proporciona una entrada de longitud 0 a esta funci\u00f3n. Esta funci\u00f3n se utiliza internamente en 'ssh_get_fingerprint_hash()' y 'ssh_print_hexa()' (obsoleta), la cual es vulnerable a la misma entrada (la longitud es proporcionada por la aplicaci\u00f3n que realiza la llamada).\n\nLa funci\u00f3n tambi\u00e9n se utiliza internamente en el c\u00f3digo gssapi para registrar los OID recibidos por el servidor durante la autenticaci\u00f3n GSSAPI. Esto podr\u00eda activarse de forma remota cuando el servidor permite la autenticaci\u00f3n GSSAPI y la verbosidad del registro se establece al menos en SSH_LOG_PACKET (3). Esto podr\u00eda causar un auto-DoS del proceso demonio por conexi\u00f3n."}], "lastModified": "2026-05-19T14:16:36.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68C64024-6979-46E1-A57F-5C0228DC8DAD", "versionEndExcluding": "0.11.4"}, {"criteria": "cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87DEB507-5B64-47D7-9A50-3B87FD1E571F"}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}