===========================================================
== Subject:     Buffer underflow in ssh_get_hexa() on invalid input
==
== CVE ID#:     CVE-2026-0966
==
== Versions:    libssh < 0.11.4; < 0.12.0
==
== Summary:     Providing 0-length input for the ssh_get_hexa() causes
==              1-byte buffer underflow on heap, possibly causing memory
==              corruption.
==
== Component:   server and client
==
===========================================================

===========
Description
===========

The API function `ssh_get_hexa()` is vulnerable, when 0-length
input is provided to this function. This function is used internally
in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated),
which is vulnerable to the same input (length is provided by the
calling application).

The function is also used internally in the gssapi code for logging
the OIDs received by the server during GSSAPI authentication. This
could be triggered remotely, when the server allows GSSAPI authentication
and logging verbosity is set at least to SSH_LOG_PACKET (3). This
could cause self-DoS of the per-connection daemon process.

==================
Patch Availability
==================

Patches addressing the issues have been posted to:
https://www.libssh.org/security/
Additionally, libssh 0.11.4 and 0.12.0 have been issued
as security releases to correct the defect.  SSH administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L (6.5)

==========
Workaround
==========

Make sure you do not provide the 0-lengths to these functions.

If you do not depend on GSSAPI authentication, disable it.

=======
Credits
=======

Originally reported by Kang Yang, Yunhang Zhang, & Jun Xu.
Patches provided by Jakub Jelen of the libssh team.

==========================================================
== The libssh team
==========================================================