Skip to content

CVE-2026-7598 on CTRL-OS 24.05

Packages: libssh2

Status: Resolved

CVE Information

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.

Updates

2026-05-18 17:55 CEST

Metadata changes:

  • Status for package libssh2: “Resolved” (cba733da8d30c94858610ae2e40f4cca3d88e7c1)

Comment:

Fixed by updating to 1.11.1 and applying upstream patch.

2026-05-18 09:22 CEST

Metadata changes:

  • Status for package libssh2: “In Progress

2026-05-12 23:34 CEST

Metadata changes:

  • Status for package libssh2: “Acknowledged