CVE-2025-5449

Published: 25 Jul 2025
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 4.3

Description

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

Release            Status         Note
devel              not-affected   0.11.2-1
esm-infra/bionic   not-affected   code not present
esm-infra/focal    not-affected   code not present
esm-infra/xenial   not-affected   code not present
jammy              not-affected   code not present
noble              not-affected   code not present
oracular           not-affected   code not present
plucky             released       0.11.1-1ubuntu0.1
upstream           released       0.11.2

EPSS: 0.00083 (Low), percentile: 25%

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 4.3
redhat
2 months ago

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

CVSS3: 4.3
nvd
about 1 month ago

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

CVSS3: 4.3
debian
about 1 month ago

A flaw was found in the SFTP server message decoding logic of libssh. ...

CVSS3: 4.3
github
about 1 month ago

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

CVSS3: 4.3
fstec
4 months ago

Vulnerability in the sftp_decode_channel_data_to_packet() function of the libssh library, allowing an attacker to cause a denial of service
