Fedora 43 libssh2 Important Heap Overflow CVE-2026-7598
fedora
June 7, 2026
This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.
Summary
libssh2 is a library implementing the SSH2 protocol as defined by
Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
SECSH-DHGEX(04), and SECSH-NUMBERS(10).
Update Information:
This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.
Topics Covered
Change Log
* Fri May 22 2026 Paul Howarth
References
[ 1 ] Bug #2468328 - CVE-2026-7598 libssh2: integer overflow via large username or password arguments [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2468328
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1b9134cdc9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Name: libssh2
Product: Fedora 43
Version: 1.11.1
Release: 6.fc43
Summary: A library implementing the SSH2 protocol
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!