8.1

CVE-2025-5318

Libssh: out-of-bounds read in sftp_handle()

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
LibsshLibssh Version < 0.11.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.39% 0.818
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
secalert@redhat.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2025-5318
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2369131
Third Party Advisory
Issue Tracking
https://www.libssh.org/security/advisories/CVE-2025-5318.txt
Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:18231
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:18275
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:18286
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:19012
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:19098
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:19101
Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:19400
https://access.redhat.com/errata/RHSA-2025:19401
https://access.redhat.com/errata/RHSA-2025:19470
https://access.redhat.com/errata/RHSA-2025:19472
https://access.redhat.com/errata/RHSA-2025:19295
https://access.redhat.com/errata/RHSA-2025:19313
https://access.redhat.com/errata/RHSA-2025:19300
https://access.redhat.com/errata/RHSA-2025:19807
https://access.redhat.com/errata/RHSA-2025:20943
https://access.redhat.com/errata/RHSA-2025:21013
https://access.redhat.com/errata/RHSA-2025:19864
https://access.redhat.com/errata/RHSA-2025:21329
https://access.redhat.com/errata/RHSA-2025:21829
https://access.redhat.com/errata/RHSA-2025:22275
https://access.redhat.com/errata/RHSA-2025:23078
https://access.redhat.com/errata/RHSA-2025:23079
https://access.redhat.com/errata/RHSA-2025:23080
https://access.redhat.com/errata/RHSA-2026:0326
https://access.redhat.com/errata/RHSA-2026:1541
https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3462