Unchecked Input for Loop Condition Affecting libssh2 package, versions *


Severity

Recommended
0.0
medium
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
0.41% (33rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS7-LIBSSH2-17443109
  • published24 Jun 2026
  • disclosed17 Jun 2026

Introduced: 17 Jun 2026

NewCVE-2026-55199  (opens in a new tab)
CWE-606  (opens in a new tab)

How to fix?

There is no fixed version for Centos:7 libssh2.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libssh2 package and not the libssh2 package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops.

CVSS Base Scores

version 3.1