Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2025-5449
Good to know:
Date: July 25, 2025
In libssh 0.11.0 before 0.11.2 malicious clients can send invalid SFTP packets with payload size field set to value 0x7ffffffc (2GB - 3B). This value incorrectly passes the validity check on 32b platforms in the function sftp_decode_channel_data_to_packet(). This is caused by integer overflow in the packet length check. But the wrong buffer bounds are not used for accessing beyond the buffer bounds as the following call to `ssh_buffer_add_data()` will already fail to allocate buffer of size > 256MB, leading to the self-DoS of the sftp server process. This is exploitable for sftp servers running on on 32b platforms only.
Severity Score
Related Resources (12)
Severity Score
Weakness Type (CWE)
Integer Overflow or Wraparound
CWE-190Top Fix
Upgrade Version
Upgrade to version https://git.libssh.org/projects/libssh.git - libssh-0.11.2
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | LOW |