CVE-2026-0967

Libssh: libssh: denial of service via inefficient regular expression processing

Published: 3/26/2026 Last updated: 4/2/2026 Reserved: 1/14/2026

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	2.2	Low	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

Opam packages affected (1)

libssh

Products affected (5)

Product	Vendor	Version
Red Hat Enterprise Linux 10	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 10	Red Hat	n/a
Red Hat Enterprise Linux 6	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	n/a

References (6)

Credits (2)

Red Hat would like to thank Jakub Jelen (libssh) and Kang Yang for reporting this issue.
Red Hat would like to thank Jakub Jelen (libssh) and Kang Yang for reporting this issue.