CVE-2026-0966

Summary

A flaw was found in libssh. The API function ssh_get_hexa() is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to SSH_LOG_PACKET (3) or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:0.12.0-2.el10 < *unaffected
Red HatRed Hat Enterprise Linux 90:0.10.4-18.el9 < *unaffected
Red HatRed Hat Enterprise Linux 90:0.10.4-18.el9 < *unaffected
Red HatRed Hat Hardened Images0.12.0-1.1.hum1 < *unaffected

Weaknesses

  • CWE-124: Buffer Underwrite ('Buffer Underflow')

Workarounds

To mitigate this issue, consider disabling GSSAPI authentication if it is not required, or reduce the LogLevel in the sshd_config file to a value lower than SSH_LOG_PACKET (e.g., INFO).

To disable GSSAPI authentication, add or modify the following line in /etc/ssh/sshd_config: GSSAPIAuthentication no

To reduce logging verbosity, add or modify the following line in /etc/ssh/sshd_config: LogLevel INFO

After making changes to sshd_config, the sshd service must be restarted for the changes to take effect. This may temporarily interrupt active SSH sessions.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References