Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-5318

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.

Published

2025-06-24T14:15:30.523

Last Modified

2025-12-10T19:16:14.447

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openshift_container_platform	4.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	redhat	enterprise_linux	10.0	Yes
Application	libssh	libssh	< 0.11.2	Yes

References

https://access.redhat.com/errata/RHSA-2025:18231 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:18275 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:18286 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:19012 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:19098 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:19101 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2025:19295 ([email protected])
https://access.redhat.com/errata/RHSA-2025:19300 ([email protected])
https://access.redhat.com/errata/RHSA-2025:19313 ([email protected])
https://access.redhat.com/errata/RHSA-2025:19400 ([email protected])
https://access.redhat.com/errata/RHSA-2025:19401 ([email protected])
https://access.redhat.com/errata/RHSA-2025:19470 ([email protected])
https://access.redhat.com/errata/RHSA-2025:19472 ([email protected])
https://access.redhat.com/errata/RHSA-2025:19807 ([email protected])
https://access.redhat.com/errata/RHSA-2025:19864 ([email protected])
https://access.redhat.com/errata/RHSA-2025:20943 ([email protected])
https://access.redhat.com/errata/RHSA-2025:21013 ([email protected])
https://access.redhat.com/errata/RHSA-2025:21329 ([email protected])
https://access.redhat.com/errata/RHSA-2025:21829 ([email protected])
https://access.redhat.com/errata/RHSA-2025:22275 ([email protected])
https://access.redhat.com/errata/RHSA-2025:23078 ([email protected])
https://access.redhat.com/errata/RHSA-2025:23079 ([email protected])
https://access.redhat.com/errata/RHSA-2025:23080 ([email protected])
https://access.redhat.com/security/cve/CVE-2025-5318 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2369131 Issue Tracking, Third Party Advisory ([email protected])
https://www.libssh.org/security/advisories/CVE-2025-5318.txt Vendor Advisory ([email protected])