File libssh-CVE-2026-3731.patch of Package libssh.43184
From 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 11 Dec 2025 13:22:44 +0100
Subject: [PATCH] sftp: Fix out-of-bound read from sftp extensions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
---
src/sftp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: libssh-0.10.6/src/sftp.c
===================================================================
--- libssh-0.10.6.orig/src/sftp.c
+++ libssh-0.10.6/src/sftp.c
@@ -768,7 +768,7 @@ const char *sftp_extensions_get_name(sft
return NULL;
}
- if (idx > sftp->ext->count) {
+ if (idx >= sftp->ext->count) {
ssh_set_error_invalid(sftp->session);
return NULL;
}
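Review bot: The corrected bound is now duplicated verbatim in two getters, here in sftp_extensions_get_name and in the sftp_extensions_get_data hunk below, and the diffstat shows only src/sftp.c changed, so no test pins the idx == count boundary. A short comment above each check, for example `/* valid indices are 0 .. count - 1 */`, would record why `>=` is required. A regression test asserting that both getters return NULL when idx equals sftp_extensions_get_count() would keep the two checks from drifting apart again. Both function bodies start and end outside the hunks, so the array access this guard protects is not visible here; presumably it indexes by idx right after the check.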
@@ -784,7 +784,7 @@ const char *sftp_extensions_get_data(sft
return NULL;
}
- if (idx > sftp->ext->count) {
+ if (idx >= sftp->ext->count) {
ssh_set_error_invalid(sftp->session);
return NULL;
}