Impact
libssh2 includes a pre‑authentication denial of service flaw in the SSH_MSG_EXT_INFO handler. A malicious SSH server can send an extreme extension count value during key exchange, causing the client to enter an unchecked loop while processing extensions. The loop can use excessive CPU for more than one minute, exhausting the client’s processing capacity and denying legitimate SSH traffic.
Affected Systems
The vulnerability affects libssh2 releases up through 1.11.1. Clients built with libssh2 1.11.1 or earlier are vulnerable until the library is updated to the fixed commit 1762685 or a later release that incorporates the fix.
Risk and Exploitability
The CVSS score of 8.2 indicates high severity, while the EPSS score of less than 1 % implies a low probability of exploitation at present. The flaw is not in the CISA KEV catalog. Exploitation requires control over an SSH server that a client connects to, as the attacker must send the crafted extension count. The impact is limited to service availability on the affected client; confidentiality and integrity are not compromised.
OpenCVE Enrichment
Debian DSA
Ubuntu USN