Nixpkgs security tracker

Untriaged

Permalink CVE-2026-3731

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month ago

libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.

References

VDB-349709 | libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds vdb-entrytechnical-description
VDB-349709 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #767120 | libssh.org libssh libssh < 0.11.4; < 0.12.0 Out-of-Bounds Read third-party-advisory
https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt related
https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d… patch
https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xz patch

Affected products

libssh

==0.11.0
==0.11.4
==0.11.3
==0.12.0
==0.11.2
==0.11.1

Matching in nixpkgs

pkgs.libssh

SSH client library

nixos-unstable 0.11.3
- nixpkgs-unstable 0.11.3
- nixos-unstable-small 0.11.3
nixos-25.11 0.11.3
- nixos-25.11-small 0.11.3
- nixpkgs-25.11-darwin 0.11.3

pkgs.libssh2

Client-side C library implementing the SSH2 protocol

nixos-unstable 1.11.1
- nixpkgs-unstable 1.11.1
- nixos-unstable-small 1.11.1
nixos-25.11 1.11.1
- nixos-25.11-small 1.11.1
- nixpkgs-25.11-darwin 1.11.1

pkgs.haskellPackages.libssh

libssh bindings

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0
nixos-25.11 0.1.0.0
- nixos-25.11-small 0.1.0.0
- nixpkgs-25.11-darwin 0.1.0.0

pkgs.haskellPackages.libssh2

FFI bindings to libssh2 SSH2 client library (http://libssh2.org/)

nixos-unstable 0.2.0.9-unstable-2025-04-03
- nixpkgs-unstable 0.2.0.9-unstable-2025-04-03
- nixos-unstable-small 0.2.0.9-unstable-2025-04-03
nixos-25.11 0.2.0.9-unstable-2025-04-03
- nixos-25.11-small 0.2.0.9-unstable-2025-04-03
- nixpkgs-25.11-darwin 0.2.0.9-unstable-2025-04-03

pkgs.haskellPackages.libssh2-conduit

Conduit wrappers for libssh2 FFI bindings (see libssh2 package)

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1
nixos-25.11 0.2.1
- nixos-25.11-small 0.2.1
- nixpkgs-25.11-darwin 0.2.1

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

nixos-25.11 1.2.2
- nixos-25.11-small 1.2.2
- nixpkgs-25.11-darwin 1.2.2

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.2.2
- nixos-25.11-small 1.2.2
- nixpkgs-25.11-darwin 1.2.2

pkgs.python314Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2

Test whether libssh2-1.11.1 exposes pkg-config modules libssh2

nixos-unstable libssh2
- nixpkgs-unstable libssh2
- nixos-unstable-small libssh2
nixos-25.11 libssh2
- nixos-25.11-small libssh2
- nixpkgs-25.11-darwin libssh2

Package maintainers

@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@geluk Johan Geluk <johan+nix@geluk.io>
@mpscholten Marc Scholten <marc@digitallyinduced.com>
@wfdewith Wim de With <wf@dewith.io>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libssh

pkgs.libssh2

pkgs.haskellPackages.libssh

pkgs.haskellPackages.libssh2

pkgs.haskellPackages.libssh2-conduit

pkgs.python312Packages.ansible-pylibssh

pkgs.python313Packages.ansible-pylibssh

pkgs.python314Packages.ansible-pylibssh

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2

Package maintainers