CVE-2026-0967

| EUVD-2026-16332 MEDIUM
2026-03-26 redhat GHSA-6jpg-fr24-wpvf
5.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 26, 2026 - 20:31 euvd
EUVD-2026-16332
Analysis Generated
Mar 26, 2026 - 20:31 vuln.today
CVE Published
Mar 26, 2026 - 20:06 nvd
MEDIUM 5.5

Tags

Denial Of Service

Description

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.

Analysis

libssh's match_pattern() function is vulnerable to ReDoS (Regular Expression Denial of Service) attacks when processing maliciously crafted hostnames in client configuration or known_hosts files, allowing local attackers with limited privileges and user interaction to trigger inefficient regex backtracking that exhausts system resources and causes client-side timeouts. The vulnerability affects Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4, with CVSS 2.2 reflecting low severity due to local attack vector and high complexity requirements, though the denial of service impact warrants attention in environments where SSH client availability is critical.

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

28
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +28
POC: 0

Vendor Status

Ubuntu

Priority: Medium
libssh
Release Status Version
upstream released 0.11.4
jammy released 0.9.6-2ubuntu0.22.04.6
noble released 0.10.6-2ubuntu0.3
questing released 0.11.2-1ubuntu0.2
bionic released 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm6
focal released 0.9.3-2ubuntu2.5+esm3
xenial released 0.6.3-4.3ubuntu0.6+esm4
USN-8051-1 USN-8051-2

Debian

Bug #1127693
libssh
Release Status Fixed Version Urgency
bullseye vulnerable 0.9.8-0+deb11u1 -
bullseye (security) vulnerable 0.9.8-0+deb11u2 -
bookworm vulnerable 0.10.6-0+deb12u2 -
bookworm (security) vulnerable 0.10.6-0+deb12u1 -
trixie vulnerable 0.11.2-1+deb13u1 -
forky vulnerable 0.11.3-1 -
sid fixed 0.12.0-3 -
(unstable) fixed 0.12.0-1 -

Share

CVE-2026-0967 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy