ALPINE-CVE-2026-55200
- Source
- https://security.alpinelinux.org/vuln/CVE-2026-55200
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-55200.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-55200
- Upstream
- Published
- 2026-06-17T20:17:28.667Z
- Modified
- 2026-06-27T10:30:17.462521367Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread() that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve remote code execution.
- References
Affected packages
Alpine:v3.21 / libssh2
Package
- Name
- libssh2
- Purl
- pkg:apk/alpine/libssh2?arch=source
Alpine:v3.22 / libssh2
Package
- Name
- libssh2
- Purl
- pkg:apk/alpine/libssh2?arch=source
Alpine:v3.23 / libssh2
Package
- Name
- libssh2
- Purl
- pkg:apk/alpine/libssh2?arch=source