libssh (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package libssh, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2025-5318 — CVSS 8.1 (high): A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due…
CVE-2023-1667 — CVSS 6.5 (medium): A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to…
CVE-2023-2283 — CVSS 6.5 (medium): A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signatur…
CVE-2021-3634 — CVSS 6.5 (medium): A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the…
CVE-2023-48795 — CVSS 5.9 (medium): The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to…
CVE-2025-5372 — CVSS 5.0 (medium): A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key…
CVE-2023-6004 — CVSS 4.8 (medium): A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client…
CVE-2023-6918 — CVSS 3.7 (low): A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto…