fkie_cve-2025-5449
Vulnerability from fkie_nvd
Published
2025-07-25 18:15
Modified
2025-08-14 00:39
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.
References
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-5449Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2369705Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811fPatch
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4daPatch
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7Patch
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496Patch
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6cebPatch
secalert@redhat.comhttps://www.libssh.org/security/advisories/CVE-2025-5449.txtThird Party Advisory
Impacted products
Vendor Product Version
libssh libssh 0.11.0
libssh libssh 0.11.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57396877-0D7A-4506-8C21-38EC7DFB3F04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4817DC-731C-4EA3-BF8A-FCCE4AB8AF87",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una falla en la l\u00f3gica de decodificaci\u00f3n de mensajes del servidor SFTP de libssh. El problema se debe a una comprobaci\u00f3n incorrecta de la longitud del paquete, lo que permite un desbordamiento de enteros al gestionar payloads de gran tama\u00f1o en sistemas de 32 bits. Este problema provoca errores en la asignaci\u00f3n de memoria y el bloqueo del proceso del servidor, lo que resulta en una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2025-5449",
  "lastModified": "2025-08-14T00:39:43.210",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-25T18:15:26.967",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2025-5449"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369705"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=261612179f740bc62ba363d98b3bd5e5573a811f"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=3443aec90188d6aab9282afc80a81df5ab72c4da"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=5504ff40515439a5fecbb17da7483000c4d12eb7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=78485f446af9b30e37eb8f177b81940710d54496"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.libssh.org/security/advisories/CVE-2025-5449.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.