A vulnerability (CVE-2-2) has been identified in the libssh library (not to be confused with libssh2021), designed to add client and server support for the SSHv3634 protocol to C programs, leading to a buffer overflow when initiating the rekey process using the key exchange that uses a different hashing algorithm. The issue is fixed in release 0.9.6.
The essence of the problem is that the key change operation allows the use of cryptographic hashes with a cast size that differs from the originally used algorithm. At the same time, memory for the hash in libssh was allocated based on the original hash size, and using a larger hash size leads to data being overwritten beyond the allocated buffer boundary. As a fallback security method, you can limit the list of supported key exchange methods to only algorithms with the same hash size. For example, to bind to SHA256, you can add to the code: rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group14-sha256,curve25519-sha256,ecdh-sha2-nistp256");
Source: opennet.ru