CVE-2025-15382
Heap Buffer Over-read in wolfSSH_CleanPath() via Crafted SCP Path
Publication date: 2026-01-06
Last updated on: 2026-01-06
Assigner: wolfSSL Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssh | to 2025-12-30 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap buffer over-read caused by an off-by-one error in the wolfSSH_CleanPath() function of wolfSSH. An authenticated remote attacker can exploit this by sending specially crafted SCP path input containing '/./' sequences, which triggers the function to read one byte beyond the intended buffer boundary, potentially leading to memory corruption or other security issues. [1]
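The off-by-one pattern described above, as an added example that is not wolfSSH source and not part of the original page: a constructed routine (all names hypothetical) that collapses '/./' in a length-bounded buffer, with the loose loop bound beside the strict one. A checked accessor counts, rather than performs, any read at index >= len, so both variants are safe to run.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class, not wolfSSH code. The path lives
 * in a buffer of exactly len bytes; index len is outside the buffer. */
static int oob_reads; /* attempted reads at index >= len */

/* Checked accessor: records an out-of-range read instead of performing it. */
static char at(const char *p, size_t len, size_t i)
{
    if (i >= len) { oob_reads++; return '\0'; }
    return p[i];
}

/* Collapse "/./" to "/" in place and return the new length.
 * strict != 0: bound i + 2 < len keeps every index read inside the buffer.
 * strict == 0: bound i + 2 <= len is the off-by-one; index len gets read. */
static size_t collapse_dot_segments(char *p, size_t len, int strict)
{
    size_t i = 0;
    while (strict ? (i + 2 < len) : (i + 2 <= len)) {
        if (at(p, len, i) == '/' && at(p, len, i + 1) == '.' &&
            at(p, len, i + 2) == '/') {
            memmove(p + i, p + i + 2, len - (i + 2)); /* drop "/." */
            len -= 2;       /* stay at i: handles "/././" runs */
        } else {
            i++;
        }
    }
    return len;
}

/* Run one variant on a copy of path; return the out-of-range read count. */
static int oob_reads_for(const char *path, int strict, char *out, size_t *n)
{
    size_t len = strlen(path);
    memcpy(out, path, len);
    oob_reads = 0;
    *n = collapse_dot_segments(out, len, strict);
    return oob_reads;
}

int main(void)
{
    char out[64]; size_t n;
    int loose = oob_reads_for("/tmp/./a/.", 0, out, &n); /* constructed input */
    int strict = oob_reads_for("/tmp/./a/.", 1, out, &n);
    printf("loose=%d strict=%d cleaned=%.*s\n", loose, strict, (int)n, out);
    return 0;
}
```

In this constructed routine the loose bound only goes out of range when the path ends in "/.", which is why the input carries a trailing "/." after the "/./" segment.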
How can this vulnerability impact me?
The vulnerability can lead to a heap buffer over-read, which may cause memory corruption or unexpected behavior in the affected software. This could potentially be leveraged by an attacker to cause denial of service or to gain further access depending on the context, although the exact impact beyond the over-read is not detailed. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that fixes the off-by-one error in the wolfSSH component. This fix was merged into the master branch of the wolfSSL project on December 30, 2025, as Pull Request #859. Updating to a version of wolfSSH that includes this patch will mitigate the vulnerability. [1]