| Name | CVE-2025-5449 |
| Description | A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1108407 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| libssh (PTS) | bullseye (security), bullseye | 0.9.8-0+deb11u1 | fixed |
| bookworm, bookworm (security) | 0.10.6-0+deb12u1 | fixed | |
| trixie | 0.11.2-1 | fixed | |
| forky, sid | 0.11.3-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libssh | source | bullseye | (not affected) | |||
| libssh | source | bookworm | (not affected) | |||
| libssh | source | (unstable) | 0.11.2-1 | 1108407 |
[bookworm] - libssh <not-affected> (Vulnerable code not present)
[bullseye] - libssh <not-affected> (Vulnerable code not present)
https://www.libssh.org/security/advisories/CVE-2025-5449.txt
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=261612179f740bc62ba363d98b3bd5e5573a811f (libssh-0.11.2)
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=3443aec90188d6aab9282afc80a81df5ab72c4da (libssh-0.11.2)
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=78485f446af9b30e37eb8f177b81940710d54496 (libssh-0.11.2)
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb (libssh-0.11.2)
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5504ff40515439a5fecbb17da7483000c4d12eb7 (libssh-0.11.2)