FKIE_CVE-2025-5449

Vulnerability from fkie_nvd - Published: 2025-07-25 18:15 - Updated: 2025-08-14 00:39
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.
References
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-5449Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2369705Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811fPatch
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4daPatch
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7Patch
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496Patch
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6cebPatch
secalert@redhat.comhttps://www.libssh.org/security/advisories/CVE-2025-5449.txtThird Party Advisory
Impacted products
Vendor Product Version
libssh libssh 0.11.0
libssh libssh 0.11.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57396877-0D7A-4506-8C21-38EC7DFB3F04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4817DC-731C-4EA3-BF8A-FCCE4AB8AF87",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una falla en la l\u00f3gica de decodificaci\u00f3n de mensajes del servidor SFTP de libssh. El problema se debe a una comprobaci\u00f3n incorrecta de la longitud del paquete, lo que permite un desbordamiento de enteros al gestionar payloads de gran tama\u00f1o en sistemas de 32 bits. Este problema provoca errores en la asignaci\u00f3n de memoria y el bloqueo del proceso del servidor, lo que resulta en una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2025-5449",
  "lastModified": "2025-08-14T00:39:43.210",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-25T18:15:26.967",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2025-5449"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369705"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=261612179f740bc62ba363d98b3bd5e5573a811f"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=3443aec90188d6aab9282afc80a81df5ab72c4da"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=5504ff40515439a5fecbb17da7483000c4d12eb7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=78485f446af9b30e37eb8f177b81940710d54496"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.libssh.org/security/advisories/CVE-2025-5449.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.