CVE-2026-0966: libssh API Function DoS Vulnerability

CVE-2026-0966 Overview

A denial of service vulnerability exists in the LibSSH library's ssh_get_hexa() API function when processing zero-length input. This function is used internally by ssh_get_fingerprint_hash() and the deprecated ssh_print_hexa() function, both of which are vulnerable to the same issue when the calling application provides zero-length input.

The vulnerability extends to the GSSAPI authentication code path, where ssh_get_hexa() is used for logging OID values received from clients. When an SSH server has GSSAPI authentication enabled and logging verbosity is configured to SSH_LOG_PACKET (level 3) or higher, a remote attacker can trigger this vulnerability, causing a denial of service condition affecting the per-connection daemon process.

Critical Impact

Remote attackers can cause denial of service on SSH servers with GSSAPI authentication enabled and verbose logging configured, disrupting SSH connectivity for affected sessions.

Affected Products

• LibSSH versions prior to 0.12.0
• LibSSH versions prior to 0.11.4
• Systems using LibSSH with GSSAPI authentication enabled

Discovery Timeline

• 2026-02-10 - LibSSH releases security patches (versions 0.12.0 and 0.11.4)
• 2026-03-26 - CVE-2026-0966 published to NVD
• 2026-03-26 - Last updated in NVD database

Technical Details for CVE-2026-0966

Vulnerability Analysis

This vulnerability is classified as CWE-124 (Buffer Underwrite), indicating an issue where the software writes to a memory location before the beginning of the intended buffer. The ssh_get_hexa() function fails to properly validate the input length parameter, leading to unexpected behavior when zero-length input is provided.

The vulnerability can be exploited remotely over the network without requiring authentication or user interaction. The attack has low complexity, making it relatively straightforward to trigger. While the confidentiality impact is negligible, successful exploitation results in limited integrity and availability impacts, specifically causing the per-connection daemon process to crash.

Root Cause

The root cause is improper input validation in the ssh_get_hexa() function. When a zero-length buffer is passed to this function, it fails to handle this edge case properly, resulting in a buffer underwrite condition. The function assumes the input will always have a valid length and does not perform adequate bounds checking before processing the data.

This affects multiple code paths within LibSSH, including fingerprint hash generation, hexadecimal printing utilities, and critically, the GSSAPI authentication logging mechanism where OID values from remote clients are processed.

Attack Vector

The most concerning attack vector involves remote exploitation through the GSSAPI authentication pathway. An attacker can exploit this vulnerability by:

1. Connecting to an SSH server that has GSSAPI authentication enabled
2. Sending a specially crafted GSSAPI authentication request containing a zero-length OID
3. If the server has logging verbosity set to SSH_LOG_PACKET (level 3) or higher, the malformed OID triggers the vulnerable code path
4. The ssh_get_hexa() function processes the zero-length input, causing a buffer underwrite condition
5. The per-connection daemon process crashes, resulting in denial of service for that connection

The vulnerability can be triggered without successful authentication, making it accessible to unauthenticated remote attackers targeting vulnerable SSH servers.

Detection Methods for CVE-2026-0966

Indicators of Compromise

• Unexpected crashes or restarts of SSH daemon child processes
• Log entries showing GSSAPI authentication failures with malformed or empty OID values
• Increased connection failures from clients attempting SSH connections
• Process crash dumps or core files from sshd processes with stack traces involving ssh_get_hexa()

Detection Strategies

• Monitor SSH daemon logs for unusual GSSAPI authentication patterns or errors
• Implement process monitoring to detect abnormal termination of SSH connection handlers
• Deploy network intrusion detection rules to identify malformed GSSAPI authentication attempts
• Use application crash monitoring to alert on repeated LibSSH-related crashes

Monitoring Recommendations

• Enable detailed logging for SSH authentication events while being mindful of the vulnerability trigger conditions
• Implement rate limiting on SSH connection attempts to reduce potential DoS impact
• Monitor system stability metrics for services dependent on LibSSH
• Review GSSAPI authentication logs regularly for anomalous patterns

How to Mitigate CVE-2026-0966

Immediate Actions Required

• Update LibSSH to version 0.12.0 or 0.11.4 immediately
• If immediate patching is not possible, consider disabling GSSAPI authentication temporarily
• Reduce logging verbosity below SSH_LOG_PACKET (level 3) as a temporary workaround
• Review and restrict network access to SSH services to trusted sources only

Patch Information

LibSSH has released security patches addressing this vulnerability. According to the LibSSH Security Release Announcement, users should upgrade to version 0.12.0 or 0.11.4 depending on their current version branch. Additional information is available through the Red Hat CVE-2026-0966 Advisory and Red Hat Bugzilla Report #2433121.

Workarounds

• Disable GSSAPI authentication by setting GSSAPIAuthentication no in SSH server configuration
• Lower logging verbosity to below level 3 to prevent triggering the vulnerable code path in GSSAPI logging
• Implement network-level filtering to block untrusted access to SSH services
• Use firewall rules to rate-limit SSH connection attempts from external sources

# Configuration example - Disable GSSAPI authentication in sshd_config
# Add or modify the following line in /etc/ssh/sshd_config
GSSAPIAuthentication no

# Restart SSH service to apply changes
# For systemd-based systems:
systemctl restart sshd

# For init-based systems:
service sshd restart