Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Thu, 14 Aug 2025 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Libssh
Libssh libssh |
|
CPEs | cpe:2.3:a:libssh:libssh:0.11.0:*:*:*:*:*:*:* cpe:2.3:a:libssh:libssh:0.11.1:*:*:*:*:*:*:* |
|
Vendors & Products |
Libssh
Libssh libssh |
Fri, 25 Jul 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 25 Jul 2025 17:30:00 +0000
Fri, 04 Jul 2025 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service. | |
Title | libssh: Integer Overflow in libssh SFTP Server Packet Length Validation Leading to Denial of Service | |
Weaknesses | CWE-190 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-08-14T00:41:42.160Z
Reserved: 2025-06-02T07:10:17.845Z
Link: CVE-2025-5449

Updated: 2025-07-25T17:34:02.421Z

Status : Analyzed
Published: 2025-07-25T18:15:26.967
Modified: 2025-08-14T00:39:43.210
Link: CVE-2025-5449


No data.