Description

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

INFO

Published Date :

2025-07-25T17:19:39.345Z

Last Modified :

2026-01-08T03:11:05.447Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-5449 vulnerability.

Vendors Products
Libssh
  • Libssh
Redhat
  • Enterprise Linux
  • Openshift
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-5449.

URL Resource
https://access.redhat.com/security/cve/CVE-2025-5449 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2369705 cve-icon cve-icon
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f cve-icon cve-icon
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da cve-icon cve-icon
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7 cve-icon cve-icon
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496 cve-icon cve-icon
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-5449 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-5449 cve-icon
https://www.libssh.org/security/advisories/CVE-2025-5449.txt cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact