There is an out-of-bounds read vulnerability, potentially leading to either denial of service or remote information disclosure. It is triggered when libssh2 is used to connect to a malicious SSH server. The overflow occurs when the SSH server sends a disconnect message, which means that the vulnerability can be triggered early in the connection process, before authentication is completed.
A server could send a specially crafted SSH packet with a padding length value greater than the packet length. This would result in a buffer read out of bounds when decompressing the packet or result in a corrupted packet value (CWE-130).