CVE-2025-5449

Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service

Published: 7/25/2025 Last updated: 1/8/2026 Reserved: 6/2/2025

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.5	Medium	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (1)

libssh

Products affected (13)

Product	Vendor	Version
Red Hat Enterprise Linux 10	Red Hat	16.3.0
Red Hat Enterprise Linux 8	Red Hat	1.0
Red Hat Enterprise Linux 9	Red Hat	< 5b02e397929e5b13b969ef1f8e43c7951e2864f5
		< publication
Red Hat Enterprise Linux 10	Red Hat	< publication
Red Hat Enterprise Linux 8	Red Hat	< 6.1.7601.24563
Red Hat Enterprise Linux 9	Red Hat	< publication
Red Hat Enterprise Linux 6	Red Hat	< 16.2.5
Red Hat Enterprise Linux 7	Red Hat	< 15.2.12
Red Hat Enterprise Linux 6	Red Hat	< publication
Red Hat Enterprise Linux 7	Red Hat	< 6.1.7601.24563
Red Hat OpenShift Container Platform 4	Red Hat	< 6.1.7601.24563
Red Hat OpenShift Container Platform 4	Red Hat	< 67a167a6b8b45607bc34aa541d1c75097d18d460

References (16)

Credits (2)

Red Hat would like to thank Ronald Crane for reporting this issue.
Red Hat would like to thank Ronald Crane for reporting this issue.