libwebsockets CVE-2026-10650

EUVD-2026-34034 · MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2026-06-02 · VulDB · GHSA-23jv-8gf4-7r88
5.5 (CVSS 4.0, NVD)

Severity by source

NVD (primary): 5.5 MEDIUM
  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE: 5.3 MEDIUM
  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Red Hat: 5.3 MEDIUM (qualitative)

Primary rating from NVD.

CVSS Vector (NVD), base metrics broken out from the CVSS 4.0 vector listed above:

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline (3 events)

CVSS changed: Jun 02, 2026 22:22 (NVD), 5.3 (MEDIUM) to 5.5 (MEDIUM)
Source Code Evidence Fetched: Jun 02, 2026 22:01 (vuln.today)
Analysis Generated: Jun 02, 2026 22:01 (vuln.today)

Description (CVE.org)

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msg_len can lead to resource consumption. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498. A patch should be applied to remediate this issue.

Analysis (AI)

Unbounded memory allocation in warmcat libwebsockets up to 4.5.8 allows remote unauthenticated attackers to exhaust server heap resources by sending SSH packets with a crafted oversized msg_len value, resulting in denial of service. The vulnerability is confined to deployments using the optional SSH server plugin (protocol_lws_ssh_base) and carries a CVSS 5.3 Medium rating with no confidentiality or integrity impact. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Connect to SSH port of libwebsockets service
Delivery: Send crafted SSH packet with oversized msg_len field
Exploit: Trigger unbounded heap allocation in lws_ssh_parse_plaintext
Execution: Exhaust server memory
Impact: Cause denial of service

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the target application to be compiled with the optional `protocol_lws_ssh_base` SSH server plugin enabled; this plugin is not active in default libwebsockets builds, so the majority of libwebsockets deployments are not vulnerable. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 3.1 base score of 5.3 (Medium) reflects a network-reachable (AV:N), low-complexity (AC:L), unauthenticated (PR:N), no-interaction (UI:N) attack with limited availability impact (A:L) and no confidentiality or integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An unauthenticated remote attacker connects to the SSH port of a service built on libwebsockets with the SSH plugin enabled and transmits a crafted SSH packet in which `msg_len` is set to a value exceeding available server memory. The unpatched `lws_ssh_parse_plaintext` function attempts the allocation unconditionally, exhausting heap memory and causing the service to become unresponsive or crash. …

Remediation: Apply upstream patch commit `3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498` from the libwebsockets repository (https://github.com/warmcat/libwebsockets/commit/3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498), which enforces a 256 KB maximum SSH packet size in `lws_ssh_parse_plaintext`. … Detailed patch versions, workarounds, and compensating controls in full report.
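As an added illustration of the class of fix described above (this is constructed example code, not libwebsockets' own source), the following C snippet shows the vulnerable pattern of feeding a peer-supplied packet length straight into malloc(), next to a hardened variant that rejects anything above a 256 KB cap before allocating. The function and constant names, and the exact position of the check, are assumptions; the length field layout follows the SSH binary packet format (big-endian uint32 packet_length first).

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed example, not libwebsockets' code. The 256 KB cap mirrors the
 * limit the advisory says the upstream patch enforces; all names are hypothetical. */
#define SSH_MAX_PACKET_LEN (256u * 1024u)

enum ssh_rc { SSH_OK = 0, SSH_SHORT = -1, SSH_TOO_BIG = -2, SSH_NOMEM = -3 };

/* An SSH binary packet opens with a big-endian uint32 packet_length. */
static uint32_t rd_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Builds a constructed header so the parser can be exercised offline. */
void wr_be32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Vulnerable pattern: the peer-chosen length drives the heap request directly. */
int ssh_alloc_unbounded(const unsigned char *hdr, size_t n, unsigned char **out)
{
    if (n < 4) return SSH_SHORT;
    *out = malloc(rd_be32(hdr));            /* one packet can demand ~4 GB */
    return *out ? SSH_OK : SSH_NOMEM;
}

/* Hardened pattern: validate the length against a fixed cap before allocating. */
int ssh_alloc_bounded(const unsigned char *hdr, size_t n, unsigned char **out, uint32_t *len)
{
    *out = NULL;
    if (n < 4) return SSH_SHORT;
    *len = rd_be32(hdr);
    if (*len > SSH_MAX_PACKET_LEN) return SSH_TOO_BIG;   /* caller drops the connection */
    *out = malloc(*len ? *len : 1);         /* malloc(0) is implementation-defined */
    return *out ? SSH_OK : SSH_NOMEM;
}

/* Convenience wrapper: run the bounded parser on a constructed header for one length. */
int ssh_check_len(uint32_t len)
{
    unsigned char hdr[4]; unsigned char *buf = NULL; uint32_t got = 0;
    wr_be32(hdr, len);
    int rc = ssh_alloc_bounded(hdr, sizeof hdr, &buf, &got);
    free(buf);
    return rc;
}
```

The cap is checked before any allocation, so a single oversized header costs the server nothing but a rejected connection; a detection rule can alert on repeated SSH_TOO_BIG results from one peer.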

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor Status

SUSE

Severity: Medium
