CVE-2025-5449

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-5449	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2369705	Issue Tracking Third Party Advisory
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f	Patch
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da	Patch
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7	Patch
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496	Patch
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb	Patch
https://www.libssh.org/security/advisories/CVE-2025-5449.txt	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:libssh:libssh:0.11.0:::::::*
	cpe:2.3:a:libssh:libssh:0.11.1:::::::*

History

No history.

Information

Published : 2025-07-25 18:15

Updated : 2025-08-14 00:39

NVD link : CVE-2025-5449

Mitre link : CVE-2025-5449

CVE.ORG link : CVE-2025-5449

JSON object : View

Products Affected

libssh

libssh

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2025-5449", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-07-25T18:15:26.967", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-5449", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369705", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://www.libssh.org/security/advisories/CVE-2025-5449.txt", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service."}, {"lang": "es", "value": "Se detect\u00f3 una falla en la l\u00f3gica de decodificaci\u00f3n de mensajes del servidor SFTP de libssh. El problema se debe a una comprobaci\u00f3n incorrecta de la longitud del paquete, lo que permite un desbordamiento de enteros al gestionar payloads de gran tama\u00f1o en sistemas de 32 bits. Este problema provoca errores en la asignaci\u00f3n de memoria y el bloqueo del proceso del servidor, lo que resulta en una denegaci\u00f3n de servicio."}], "lastModified": "2025-08-14T00:39:43.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libssh:libssh:0.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57396877-0D7A-4506-8C21-38EC7DFB3F04"}, {"criteria": "cpe:2.3:a:libssh:libssh:0.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C4817DC-731C-4EA3-BF8A-FCCE4AB8AF87"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}