CVE-2025-5449
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-08-14
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libssh | libssh | 0.11.0 |
| libssh | libssh | 0.11.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow flaw in the libssh SFTP server's packet length validation on 32-bit systems. Specifically, in the function sftp_decode_channel_data_to_packet(), a specially crafted SFTP packet with a very large payload size can bypass the length check due to integer overflow. This causes the server to attempt to allocate an excessively large buffer, which fails and leads to the server process crashing, resulting in a denial of service. [1, 2]
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service (DoS) condition on the libssh SFTP server running on 32-bit Linux systems. An authenticated attacker with SFTP access can send a specially crafted packet that causes the server to crash, disrupting service availability. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying if your system is running vulnerable libssh versions (0.11.0 or 0.11.1) on a 32-bit Linux platform. You can check the libssh version installed using commands like 'ssh -V' or querying your package manager (e.g., 'dpkg -l | grep libssh' on Debian-based systems or 'rpm -q libssh' on RedHat-based systems). Network detection of exploit attempts is difficult as it requires authenticated SFTP access with specially crafted packets. Monitoring SFTP server crashes or denial of service symptoms may indicate exploitation attempts. No specific detection commands for crafted packets are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade libssh to version 0.11.2 or later, where the vulnerability has been patched. Since no workaround exists, applying the official patch or upgrading is critical. Restricting SFTP access to trusted users and monitoring for unusual server crashes can help reduce risk until the patch is applied. [2]