What is GHSA-wcqf-w94x-4wg2?

GHSA-wcqf-w94x-4wg2 is a security advisory published by GitHub Security Advisories with Medium severity. The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function...

Which CVE IDs does GHSA-wcqf-w94x-4wg2 cover?

GHSA-wcqf-w94x-4wg2 covers the following CVE IDs: CVE-2026-0966. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-wcqf-w94x-4wg2?

GHSA-wcqf-w94x-4wg2 has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-wcqf-w94x-4wg2MediumCVSS 6.5

The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function...

Vendor

GitHub Security Advisories

Published

March 26, 2026

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2026-0966 →

📋 Description

The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSAPI authentication and logging verbosity is set at least to SSH_LOG_PACKET (3). This could cause self-DoS of the per-connection daemon process.

🔗 References (8)

https://nvd.nist.gov/vuln/detail/CVE-2026-0966
https://access.redhat.com/security/cve/CVE-2026-0966
https://bugzilla.redhat.com/show_bug.cgi?id=2433121
https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases
https://access.redhat.com/errata/RHSA-2026:7067
https://access.redhat.com/errata/RHSA-2026:18160
https://access.redhat.com/errata/RHSA-2026:18683
https://github.com/advisories/GHSA-wcqf-w94x-4wg2