CNNVD-202506-3086 Information
CNNVD ID
CNNVD-202506-3086
Related CVE
- CNNVD Published: 2025-06-24
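Description (translated from Chinese)
libssh is a C development library from the libssh project for accessing SSH services. It can execute remote commands and transfer files, and it provides a secure transport channel for remote programs. libssh contains a buffer error vulnerability caused by an out-of-bounds read in the sftp_handle function, which may lead to information disclosure or abnormal service behavior.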
Description (English)
libssh is a C-language development library from the libssh project for accessing SSH services. It can execute remote commands and transfer files, and it provides a secure transport channel for remote programs. libssh contains a buffer error vulnerability that stems from an out-of-bounds read in the sftp_handle function, which may lead to information disclosure or abnormal service behavior.
Hazard Level
Medium
Vulnerability Type
Buffer error
Affected Vendor
libssh
Published
2025-06-24
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/CVE-2025-5318
https://bugzilla.redhat.com/show_bug.cgi?id=2369131
https://www.libssh.org/security/advisories/CVE-2025-5318.txt
https://nvd.nist.gov/vuln/detail/CVE-2025-5318
https://www.oracle.com/security-alerts/cpuoct2025.html
https://www.oracle.com/security-alerts/cpujan2026.html