CVE-2025-5318

Libssh: out-of-bounds read in sftp_handle()

Published: 6/24/2025 Last updated: 2/27/2026 Reserved: 5/29/2025

A flaw was found in the libssh library in versions earlier than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle() function because an incorrect comparison check lets the function access memory beyond the valid handle list and return an invalid pointer, which is then used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affecting service behavior.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 8.1 High CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Opam packages affected (1)

libssh

Products affected (53)

Product Vendor Version
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat < 10.0.14393.7159
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat < 10.0.17763.6054
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat < 10.0.17763.6054
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat < 10.0.20348.2582
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat < 10.0.22000.3079
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat < 10.0.19044.4651
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat < 10.0.22621.3880
Red Hat Enterprise Linux 9 Red Hat < 10.0.19045.4651
Red Hat Enterprise Linux 9 Red Hat < 10.0.22631.3880
Red Hat Enterprise Linux 9 Red Hat < 10.0.22631.3880
Red Hat Enterprise Linux 9 Red Hat < 10.0.25398.1009
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat < 10.0.10240.20710
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat < 10.0.17763.6054
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat < 10.0.14393.7159
Red Hat Enterprise Linux 10 Red Hat < 10.0.19045.4651
Red Hat Enterprise Linux 8 Red Hat < 18.8.4
Red Hat Enterprise Linux 8 Red Hat < 6.1.7601.27219
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat < 10.0.19045.4651
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat < 10.0.17763.6054
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat < 10.0.22631.3880
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat < 10.0.17763.7919
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat < 10.0.19045.6456
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat < 6.3.9600.22824
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat < 1.4.1175
Red Hat Enterprise Linux 9 Red Hat < 10.0.14393.7159
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat < 18.8.4
Red Hat AI Inference Server 3.2 Red Hat < *
Red Hat AI Inference Server 3.2 Red Hat < 6.3.9600.22074
Red Hat AI Inference Server 3.2 Red Hat < *
Red Hat AI Inference Server 3.2 Red Hat < *
Red Hat AI Inference Server 3.2 Red Hat < V35.02.10
Red Hat AI Inference Server 3.2 Red Hat < *
Red Hat OpenShift Container Platform 4.18 Red Hat 634
Red Hat OpenShift Container Platform 4.19 Red Hat < 6.2.9200.24975
Red Hat OpenShift Container Platform 4.20 Red Hat < 6.3.9600.22074
Red Hat OpenShift Container Platform 4.17 Red Hat < 10.0.14393.7159
Red Hat OpenShift Container Platform 4.20 Red Hat < V29.01.07
Red Hat OpenShift Container Platform 4.12 Red Hat <= 4.0.0
Red Hat OpenShift Container Platform 4.13 Red Hat < 10.0.22000.3079
Red Hat OpenShift Container Platform 4.14 Red Hat < 10.0.19045.4651
Red Hat OpenShift Container Platform 4.15 Red Hat < 10.0.22631.3880
Red Hat OpenShift Container Platform 4.16 Red Hat < 10.0.14393.7159
Red Hat OpenShift Container Platform 4.12 Red Hat < 10.0.14393.7159
Red Hat OpenShift Container Platform 4.13 Red Hat < 6.0.6003.22769
Red Hat OpenShift Container Platform 4.14 Red Hat < 6.0.6003.22769
Red Hat OpenShift Container Platform 4.15 Red Hat < 6.0.6003.22769
Red Hat OpenShift Container Platform 4.16 Red Hat < 6.1.7601.27219
Red Hat OpenShift Container Platform 4.17 Red Hat < 6.1.7601.27219
Red Hat OpenShift Container Platform 4.18 Red Hat < 6.2.9200.24975
Red Hat OpenShift distributed tracing 3.7.1 Red Hat AMD Software: Adrenalin Edition 25.6.1 (25.10.x.y), AMD Software: PRO Edition 25.Q2 (25.10.10)
Red Hat OpenShift distributed tracing 3.7.1 Red Hat Contact your AMD Customer Engineering representative
Red Hat OpenShift distributed tracing 3.7.1 Red Hat < 10.0.19044.4651
Red Hat OpenShift distributed tracing 3.7.1 Red Hat < 10.0.14393.7159