Critical libssh2 gap: proof-of-concept exploit released
Germany · Technology · 5 days ago

A critical security vulnerability has been identified in the widely used libssh2 library, which could allow attackers to execute arbitrary code remotely by exploiting improper handling of packet lengths during SSH communication. The exploit was published publicly, increasing the risk of exploitation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has noted this in its vulnerability database. The flaw affects versions up to 1.11.1 of libssh2, which remains the latest officially released version. While some Linux distributions have already provided updated packages with backported fixes, Windows users face challenges since official curl binaries for Windows still include the vulnerable libssh2 version. A patch exists in the source code but has not yet been released as an official package.


Source: heise online (Independent, Center), 5 days ago
Bias read (Center): The article focuses on a technical vulnerability in software and provides factual information about the issue, affected systems, and available patches. There is no political framing, bias, or emphasis on any particular ideological stance.
