Source: libwebsockets
Version: 4.3.5-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libwebsockets.

CVE-2026-10650[0]:
| A flaw has been found in warmcat libwebsockets up to 4.5.8. This
| issue affects the function lws_ssh_parse_plaintext of the file
| plugins/protocol_lws_ssh_base/sshd.c of the component SSH Protocol
| Handler. Executing a manipulation of the argument msg_len can lead
| to resource consumption. The attack may be launched remotely. The
| exploit has been published and may be used. This patch is called
| 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498. A patch should be applied
| to remediate this issue.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-10650
    https://www.cve.org/CVERecord?id=CVE-2026-10650
[1] https://libwebsockets.org/git/libwebsockets/commit?id=3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

