CNNVD-202507-3330 Information
CNNVD ID
CNNVD-202507-3330
Related CVE
- CNNVD Published: 2025-07-25
Description
libssh is a C library from the libssh project for accessing SSH services. It can execute remote commands, transfer files, and provide a secure transport channel for remote programs. libssh contains an input validation vulnerability that stems from an integer overflow in the SFTP server message decoding logic, which may lead to a memory allocation failure and a crash of the server process, resulting in denial of service.
Hazard Level
High
Vulnerability Type
Input validation error
Affected Vendor
libssh
Published
2025-07-25
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/CVE-2025-5449
https://bugzilla.redhat.com/show_bug.cgi?id=2369705
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb
https://www.libssh.org/security/advisories/CVE-2025-5449.txt
Patch
https://www.libssh.org/security/