Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-01T21:30:11 libssh2: integer overflow via large username or password arguments 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CWE-190

A flaw was found in the libssh2 library. A remote attacker can exploit an integer overflow vulnerability in the `userauth_password` function by manipulating the `username_len` or `password_len` arguments and cause a heap-based buffer overflow. This leads to a crash to the application linked to the library and potentially allows arbitrary code execution.

To exploit this flaw, an attacker needs to be able to supply an excessively large value to the arguments of the `userauth_password` function, typically to an application processing untrusted SSH authentication requests. The primary security impact of this issue is a crash to the application linked to the library due to memory corruption, potentially allowing arbitrary code execution. Default Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability. Due to these reasons, this vulnerability has been rated with an important severity. To mitigate this flaw, applications linked to the libssh2 library should be configured or updated to exclusively use public key authentication. Explicitly disabling password-based logins prevents the application from executing the vulnerable userauth_password function. Red Hat Enterprise Linux 6 Affected libssh2 Red Hat Enterprise Linux 7 Affected libssh2 Red Hat Hardened Images Affected libssh2 Red Hat Hardened Images Affected rust Red Hat OpenShift Container Platform 4 Affected conmon-rs Red Hat OpenShift Update Service Affected openshift-update-service/openshift-update-service-rhel8 Red Hat Trusted Profile Analyzer Affected rhtpa/rhtpa-trustification-service-rhel9 https://www.cve.org/CVERecord?id=CVE-2026-7598 https://nvd.nist.gov/vuln/detail/CVE-2026-7598 https://github.com/libssh2/libssh2/ https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1 https://github.com/libssh2/libssh2/pull/1858 https://vuldb.com/submit/805564 https://vuldb.com/vuln/360555 https://vuldb.com/vuln/360555/cti