CVE-2025-5449

ADVISORY - nist

Summary

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.

EPSS Score⁠: 0.00097 (0.277)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-190⁠

Integer Overflow or Wraparound

Impacted images

Advisories

NIST

CREATED

3 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-5449⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-190⁠

CVSS SCORE

4.3medium

Alpine

CREATED

4 months ago

UPDATED

15 days ago

ADVISORY IDCVE-2025-5449⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

4 months ago

UPDATED

15 days ago

ADVISORY IDCVE-2025-5449⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

4 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2025-5449⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.5medium

minimos

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

MINI-39pq-5g6j-mg8g

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY