
Fedora 44 libssh2 Severe Heap Overflow Vulnerability CVE-2026-7598

May 30, 2026
This Fedora 44 update fixes a heap buffer overflow in libssh2, rated important, that could potentially be exploited remotely through user-supplied input.

Summary

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10).

Update Information:

This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.

Change Log

* Fri May 22 2026 Paul Howarth - 1.11.1-6 - Fix CVE-2026-7598: integer overflow via large username or password arguments (https://github.com/libssh2/libssh2/pull/1858)
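
The changelog entry describes the flaw as an integer overflow reached through large username or password arguments. The C example below is added here as an illustration of that bug class and its check; it is not libssh2 code and not the upstream patch. It assumes 32-bit length arithmetic and the RFC 4252 password-request layout, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes around the two credentials in an RFC 4252 password request: type(1)
 * + 4 length prefixes(16) + "ssh-connection"(14) + "password"(8) + bool(1). */
#define FIXED_OVERHEAD 40u

/* Unchecked sum wraps modulo 2^32 (huge input, tiny buffer size);
 * checked_len() returns -1 instead of wrapping. */
uint32_t unchecked_len(uint32_t u, uint32_t p) { return u + p + FIXED_OVERHEAD; }
int checked_len(uint32_t ulen, uint32_t plen, uint32_t *out) {
    if (ulen > UINT32_MAX - FIXED_OVERHEAD) return -1;
    if (plen > UINT32_MAX - FIXED_OVERHEAD - ulen) return -1;
    *out = ulen + plen + FIXED_OVERHEAD;
    return 0;
}

/* Writes an SSH "string": big-endian uint32 length, then the bytes. */
static unsigned char *put_string(unsigned char *p, const void *s, uint32_t n) {
    p[0] = (unsigned char)(n >> 24); p[1] = (unsigned char)(n >> 16);
    p[2] = (unsigned char)(n >> 8);  p[3] = (unsigned char)n;
    if (n) memcpy(p + 4, s, n);
    return p + 4 + n;
}

/* Builds the request; returns NULL if the size does not fit in 32 bits. */
unsigned char *build_password_request(const char *user, size_t ulen,
        const char *pw, size_t plen, uint32_t *out_len) {
    uint32_t total;
    unsigned char *buf, *p;
    if (ulen > UINT32_MAX || plen > UINT32_MAX) return NULL;
    if (checked_len((uint32_t)ulen, (uint32_t)plen, &total) != 0) return NULL;
    if ((p = buf = malloc(total)) == NULL) return NULL;
    *p++ = 50;                               /* SSH_MSG_USERAUTH_REQUEST */
    p = put_string(p, user, (uint32_t)ulen);
    p = put_string(p, "ssh-connection", 14);
    p = put_string(p, "password", 8);
    *p++ = 0;                                /* FALSE: no password change */
    put_string(p, pw, (uint32_t)plen);
    *out_len = total;
    return buf;
}

int main(void) {
    uint32_t n = 0;  /* "alice"/"secret" are constructed sample inputs */
    free(build_password_request("alice", 5, "secret", 6, &n));
    printf("built %u bytes; unchecked sum wraps to %u\n", (unsigned)n,
           (unsigned)unchecked_len(UINT32_MAX - 10u, 0));
    return 0;
}
```

The size check runs before any allocation or copy, so an oversized length is rejected without touching the credential buffers.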

References

[1] Bug #2468328 - CVE-2026-7598 libssh2: integer overflow via large username or password arguments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2468328

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f87ac8187c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: libssh2
Product: Fedora 44
Version: 1.11.1
Release: 6.fc44
Summary: A library implementing the SSH2 protocol
