CVE-2025-5449

Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service

Published: 7/25/2025 Last updated: 11/20/2025 Reserved: 6/2/2025

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.3	Medium	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (1)

libssh

Products affected (11)

Product	Vendor	Version
Red Hat Enterprise Linux 8	Red Hat	15.0(2)EX1
		< 6.1.7601.25954
Red Hat Enterprise Linux 10	Red Hat	15.0(2)EX
Red Hat Enterprise Linux 9	Red Hat	15.0(2)EX2
Red Hat Enterprise Linux 8	Red Hat	Windows 8.1 for 32-bit systems
Red Hat Enterprise Linux 9	Red Hat	< 17.1.1.3
Red Hat Enterprise Linux 10	Red Hat	Windows 7 for x64-based Systems Service Pack 1
Red Hat Enterprise Linux 7	Red Hat	< 17.4R2-S8, 17.4R3
Red Hat Enterprise Linux 7	Red Hat	< 3.5.12.30
Red Hat OpenShift Container Platform 4	Red Hat	< publication
Red Hat OpenShift Container Platform 4	Red Hat	n/a

References (16)

Credits (2)

Red Hat would like to thank Ronald Crane for reporting this issue.
Red Hat would like to thank Ronald Crane for reporting this issue.