A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Nam

Description

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.

Affected Products

Vendor	Product	Versions
libssh	libssh	<= 0.11.3

References

https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60(Patch)
https://vuldb.com/?ctiid.349709(Permissions Required, VDB Entry)
https://vuldb.com/?id.349709(Third Party Advisory, VDB Entry)
https://vuldb.com/?submit.767120(Third Party Advisory, VDB Entry)
https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xz(Patch, Third Party Advisory)
https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt(Product)

Related News (2 articles)

Tier B

BSI Advisories1d ago

[UPDATE] [mittel] libssh: Schwachstelle ermöglicht Denial of Service

→ No new info (linked only)

Tier A

Microsoft MSRC7d ago

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

→ No new info (linked only)

CVSS 3.15.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA KEV❌ No

Actively exploited❌ No

CWECWE-119, CWE-125

Published3/8/2026

Last enriched10h ago

Trending Score29

Source articles2

Independent2

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%