GHSA-r8mh-x5qv-7gg2
An out-of-bounds write vulnerability exists in libssh2 through version 1.11.1 in the ssh2_transport_read() function. The vulnerability occurs because the upper bounds on the packet_length field are not enforced. Remote attackers can exploit this by sending specially crafted SSH packets with excessively large packet_length values, leading to heap memory corruption and potential remote code execution. The issue is fixed in a commit identified as 7acf3df.
AI Analysis
Technical Summary
libssh2 versions up to 1.11.1 contain a critical vulnerability (CVE-2026-55200) in the ssh2_transport_read() function where the packet_length field is not properly bounded. This allows remote attackers to send malicious SSH packets with oversized packet_length values, causing out-of-bounds writes that corrupt heap memory. Successful exploitation can lead to remote code execution. The vulnerability is addressed in a fix committed under hash 7acf3df. No known exploits are reported in the wild at this time.
Potential Impact
Remote attackers can exploit this vulnerability to corrupt heap memory and achieve remote code execution on affected systems running vulnerable versions of libssh2. This represents a critical security risk as it allows unauthorized code execution without authentication.
Mitigation Recommendations
A fix for this vulnerability is available in the commit identified as 7acf3df. Users and maintainers of libssh2 should apply this official fix to versions up to 1.11.1 to remediate the vulnerability. Patch status is not explicitly confirmed in the input data, so users should verify the vendor advisory or source repository for the exact patched version and apply updates accordingly.
GHSA-r8mh-x5qv-7gg2
Description
An out-of-bounds write vulnerability exists in libssh2 through version 1.11.1 in the ssh2_transport_read() function. The vulnerability occurs because the upper bounds on the packet_length field are not enforced. Remote attackers can exploit this by sending specially crafted SSH packets with excessively large packet_length values, leading to heap memory corruption and potential remote code execution. The issue is fixed in a commit identified as 7acf3df.
CVSS v4.0
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
libssh2 versions up to 1.11.1 contain a critical vulnerability (CVE-2026-55200) in the ssh2_transport_read() function where the packet_length field is not properly bounded. This allows remote attackers to send malicious SSH packets with oversized packet_length values, causing out-of-bounds writes that corrupt heap memory. Successful exploitation can lead to remote code execution. The vulnerability is addressed in a fix committed under hash 7acf3df. No known exploits are reported in the wild at this time.
Potential Impact
Remote attackers can exploit this vulnerability to corrupt heap memory and achieve remote code execution on affected systems running vulnerable versions of libssh2. This represents a critical security risk as it allows unauthorized code execution without authentication.
Mitigation Recommendations
A fix for this vulnerability is available in the commit identified as 7acf3df. Users and maintainers of libssh2 should apply this official fix to versions up to 1.11.1 to remediate the vulnerability. Patch status is not explicitly confirmed in the input data, so users should verify the vendor advisory or source repository for the exact patched version and apply updates accordingly.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-r8mh-x5qv-7gg2
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-55200"]
- Ecosystems
- []
- Database Specific Severity
- CRITICAL
- Cvss Version
- 4.0
Threat ID: 6a4452fc27e9c79719912562
Added to database: 06/30/2026, 23:36:28 UTC
Last enriched: 06/30/2026, 23:59:28 UTC
Last updated: 06/30/2026, 23:59:28 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.