From: Deepak Rathore <[email protected]> Upstream Repository: https://git.libssh.org/projects/libssh.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3731 Type: Security Fix CVE: CVE-2026-3731 Score: 9.8 Patch: https://git.libssh.org/projects/libssh.git/commit/?id=855a0853ad3a Signed-off-by: Deepak Rathore <[email protected]> diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch new file mode 100644 index 0000000000..9c3e5b9dcc --- /dev/null +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch @@ -0,0 +1,43 @@ +From 4ba1c265b354056834fc835ecff14c0eeb834312 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen <[email protected]> +Date: Thu, 11 Dec 2025 13:22:44 +0100 +Subject: [PATCH] sftp: Fix out-of-bound read from sftp extensions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2026-3731 +Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=855a0853ad3a] + +Signed-off-by: Jakub Jelen <[email protected]> +Reviewed-by: Pavol Žáčik <[email protected]> +(cherry picked from commit 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60) +Signed-off-by: Deepak Rathore <[email protected]> +--- + src/sftp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/sftp.c b/src/sftp.c +index 37b4133b..cbcdb066 100644 +--- a/src/sftp.c ++++ b/src/sftp.c +@@ -583,7 +583,7 @@ const char *sftp_extensions_get_name(sftp_session sftp, unsigned int idx) { + return NULL; + } + +- if (idx > sftp->ext->count) { ++ if (idx >= sftp->ext->count) { + ssh_set_error_invalid(sftp->session); + return NULL; + } +@@ -599,7 +599,7 @@ const char *sftp_extensions_get_data(sftp_session sftp, unsigned int idx) { + return NULL; + } + +- if (idx > sftp->ext->count) { ++ if (idx >= sftp->ext->count) { + ssh_set_error_invalid(sftp->session); + return NULL; + } +-- +2.51.0 diff --git a/meta-oe/recipes-support/libssh/libssh_0.11.3.bb b/meta-oe/recipes-support/libssh/libssh_0.11.3.bb index 5928581312..9f66736b29 100644 --- a/meta-oe/recipes-support/libssh/libssh_0.11.3.bb +++ b/meta-oe/recipes-support/libssh/libssh_0.11.3.bb @@ -9,6 +9,7 @@ DEPENDS = "zlib openssl" SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.11;tag=${BPN}-${PV} \ file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \ file://run-ptest \ + file://CVE-2026-3731.patch \ " SRC_URI:append:toolchain-clang = " file://0001-CompilerChecks.cmake-drop-Wunused-variable-flag.patch" -- 2.35.6
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#125025): https://lists.openembedded.org/g/openembedded-devel/message/125025 Mute This Topic: https://lists.openembedded.org/mt/118239488/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
