CVE Vulnerabilities

CVE-2026-55200

Integer Overflow to Buffer Overflow

Published: Jun 17, 2026 | Modified: Jun 30, 2026
CVSS 3.x
8.3
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
CVSS 2.x
RedHat/V2
RedHat/V3
7.1 MODERATE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

Weakness

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Affected Software

NameVendorStart VersionEnd Version
Libssh2Libssh2*1.11.1 (including)
Red Hat Hardened ImagesRedHatlibssh2-main-1.11.1-8.hum1*
Libssh2Ubuntudevel*
Libssh2Ubuntuquesting*
Libssh2Ubunturesolute*
Libssh2Ubuntuupstream*

References