Primary

Context

libssh2 Integer Overflow Vulnerability in User Authentication Function

Vulnerability

A security vulnerability allowing for integer overflow has been identified in libssh2 versions through 1.11.1. The issue arises in the userauth_password function within src/userauth.c, where improper handling of the username_len and password_len arguments can be exploited remotely.

Impact

Exploitation of this vulnerability leads to the potential for integer overflow, which can commonly be leveraged to cause buffer overflows or other memory corruption issues.

Remediation

Users are advised to update to the latest version of libssh2, where this vulnerability has been addressed. The specific commit that resolves this issue is 256d04b60d80bf1190e96b0ad1e91b2174d744b1.

Added: May 1, 2026, 10:19 PM

Updated: May 1, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

7.3

remediation

7.7

relevance

6.8

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

7.3

remediation

7.7

relevance

6.8

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libssh2 Integer Overflow Vulnerability in User Authentication Function

Vulnerability

Impact

Remediation

Affected Products

libssh2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating