Public Key List Vulnerability in libssh2 by the Vendor libssh2
CVE-2026-58051
8.3HIGH
What is CVE-2026-58051?
The libssh2 library, specifically version 1.11.1 and earlier, contains a vulnerability related to its handling of public key lists. During the allocation of new entries in the public key list, the library does not adequately zero-initialize these entries. Consequently, if a connection is made to a malicious SSH server that provides a malformed response, this can result in a parse failure. Such a failure leads to a scenario where cleanup functions operate on an uninitialized entry, potentially allowing an attacker to influence and exploit pointers in the connecting libssh2 client.
Affected Version(s)
libssh2 0 <= 1.11.1
