CLSA-2026-1776262694
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1776262694.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1776262694
- Upstream
- Published
- 2026-04-16T15:26:02Z
- Modified
- 2026-06-04T09:45:13.531366773Z
- Summary
- Fix CVE(s): CVE-2026-0968
- Details
-
- SECURITY UPDATE: null pointer dereference and out-of-bounds read in
sftpparselongname when processing malformed SSHFXPNAME messages
- debian/patches/CVE-2026-0968.patch: add null check, input validation, and end-of-string guards in sftpparselongname
- CVE-2026-0968
- SECURITY UPDATE: null pointer dereference and out-of-bounds read in
sftpparselongname when processing malformed SSHFXPNAME messages
- References
Affected packages
TuxCare:Ubuntu:20.04 / libssh-4
Package
- Name
- libssh-4
- Purl
- pkg:deb/tuxcare/libssh-4?distro=ubuntu-20.04
TuxCare:Ubuntu:20.04 / libssh-dev
Package
- Name
- libssh-dev
- Purl
- pkg:deb/tuxcare/libssh-dev?distro=ubuntu-20.04
TuxCare:Ubuntu:20.04 / libssh-doc
Package
- Name
- libssh-doc
- Purl
- pkg:deb/tuxcare/libssh-doc?distro=ubuntu-20.04
TuxCare:Ubuntu:20.04 / libssh-gcrypt-4
Package
- Name
- libssh-gcrypt-4
- Purl
- pkg:deb/tuxcare/libssh-gcrypt-4?distro=ubuntu-20.04