CVE-2026-0967 PUBLISHED

Libssh: libssh: denial of service via inefficient regular expression processing

Assigner: redhat
Reserved: 14.01.2026 Published: 26.03.2026 Updated: 27.03.2026

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the match_pattern() function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.

Metrics

CVSS 3.0

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
CVSS Score: 2.2

Attack Vector	Local	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	Required	Availability Impact	Low

CVSS 3.0

Product Status

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 6
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 7
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat OpenShift Container Platform 4
Versions	Default: affected

Workarounds

Avoid using complex patterns in configuration files and known_hosts.

Credits

Red Hat would like to thank Jakub Jelen (libssh) and Kang Yang for reporting this issue.

References

Problem Types

Inefficient Regular Expression Complexity CWE