Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-5449

Опубликовано: 25 июл. 2025
Источник: debian

Описание

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libsshfixed0.11.2-1package
libsshnot-affectedbookwormpackage
libsshnot-affectedbullseyepackage

Примечания

  • https://www.libssh.org/security/advisories/CVE-2025-5449.txt

  • Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=261612179f740bc62ba363d98b3bd5e5573a811f (libssh-0.11.2)

  • Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=3443aec90188d6aab9282afc80a81df5ab72c4da (libssh-0.11.2)

  • Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=78485f446af9b30e37eb8f177b81940710d54496 (libssh-0.11.2)

  • Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb (libssh-0.11.2)

  • Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5504ff40515439a5fecbb17da7483000c4d12eb7 (libssh-0.11.2)

Связанные уязвимости

ubuntu логотип

CVE-2025-5449

CVSS3: 4.3
ubuntu
около 1 месяца назад

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

redhat логотип

CVE-2025-5449

CVSS3: 4.3
redhat
2 месяца назад

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

nvd логотип

CVE-2025-5449

CVSS3: 4.3
nvd
около 1 месяца назад

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

github логотип

GHSA-q9x7-4rf7-4xq2

CVSS3: 4.3
github
около 1 месяца назад

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

fstec логотип

BDU:2025-07645

CVSS3: 4.3
fstec
4 месяца назад

Уязвимость функции sftp_decode_channel_data_to_packet() библиотеки libssh, позволяющая нарушителю вызвать отказ в обслуживании