A libssh2 security update has been released for Debian GNU/Linux 8 and 9 Extended LTSto address an issue that allowed attackers to access out of bounds memory.
ELA-956-1 libssh2 security update
Package : libssh2
Version : 1.4.3-4.1+deb8u7 (jessie), 1.7.0-1+deb9u3 (stretch)
Related CVEs :
CVE-2020-22218
An issue has been found in libssh2, an SSH2 client-side library, in function _libssh2_packet_add(), which could allow attackers to access out of bounds memory.