Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-5449

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

Published

2025-07-25T18:15:26.967

Last Modified

2025-08-14T00:39:43.210

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libssh	libssh	0.11.0	Yes
Application	libssh	libssh	0.11.1	Yes

References

https://access.redhat.com/security/cve/CVE-2025-5449 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2369705 Issue Tracking, Third Party Advisory ([email protected])
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f Patch ([email protected])
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da Patch ([email protected])
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7 Patch ([email protected])
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496 Patch ([email protected])
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb Patch ([email protected])
https://www.libssh.org/security/advisories/CVE-2025-5449.txt Third Party Advisory ([email protected])