CVE-2025-5449

Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service

Published: 7/25/2025 Last updated: 1/8/2026 Reserved: 6/2/2025

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.5	Medium	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (1)

libssh

Products affected (14)

Product	Vendor	Version
		< b1c28577529cdfad40c8242673285f1e1e4c314e
Red Hat Enterprise Linux 10	Red Hat	< 75fc8363227a999e8f3d17e2eb28dce5600dcd3f
Red Hat Enterprise Linux 8	Red Hat	< 8879b5313e9fa5e0c6d6812a0d25d83aed0110e2
Red Hat Enterprise Linux 9	Red Hat	< 809b8cde86320698661eec677222bc5c5df76176
		<= 6.5.*
Red Hat Enterprise Linux 10	Red Hat	<= *
Red Hat Enterprise Linux 8	Red Hat	<= 7.0.15
Red Hat Enterprise Linux 9	Red Hat	<= 6.4.15
Red Hat Enterprise Linux 6	Red Hat	< eae90015d10f0c9a47fc4adccba4cd79dce664e4
Red Hat Enterprise Linux 7	Red Hat	< aeb635b49530b7d19e140949753409f759ba99be
Red Hat Enterprise Linux 6	Red Hat	<= 7.4.6
Red Hat Enterprise Linux 7	Red Hat	<= 7.2.11
Red Hat OpenShift Container Platform 4	Red Hat	n/a
Red Hat OpenShift Container Platform 4	Red Hat	< 4f01d09b2bbfbcb47b3eb305560a7f4857a32260

References (16)

Credits (2)

Red Hat would like to thank Ronald Crane for reporting this issue.
Red Hat would like to thank Ronald Crane for reporting this issue.