CVE-2026-55200

ADVISORY - debian

Summary

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

libssh2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140401) https://github.com/libssh2/libssh2/pull/2052 Fixed by: https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8

EPSS Score⁠: 0.00545 (0.414)

Common Weakness Enumeration (CWE)

Impacted images

Advisories

Alpine

CREATED

23 hours ago

UPDATED

23 hours ago

ADVISORY IDCVE-2026-55200⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

6 days ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-55200⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

6 days ago

UPDATED

6 hours ago

ADVISORY IDCVE-2026-55200⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium