CVE-2025-15661 is a high-severity vulnerability in libssh2, a popular SSH library. An out-of-bounds heap read vulnerability exists in the `sftp_symlink()` function, allowing a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash. The vulnerability is triggered by a crafted `SSH_FXP_NAME` response, which can be sent during SFTP READLINK and REALPATH operations. A [truncated]
A critical vulnerability, CVE-2026-55200, has been identified in libssh2, a popular SSH library. This out-of-bounds write vulnerability, with a CVSS score of 9.2, occurs in the `ssh2_transport_read()` function, which fails to enforce upper bounds on the `packet_length` field. Remote attackers can exploit this vulnerability by sending crafted SSH packets with excessively large `packet_length` values, poten [truncated]
CVE-2026-55199 is a high-severity pre-authentication denial-of-service vulnerability in libssh2, allowing a malicious SSH server to cause a client CPU exhaustion loop. The vulnerability is triggered by a crafted extension count value in the `SSH_MSG_EXT_INFO` handler. A malicious server can set `nr_extensions` to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 second [truncated]