CVE-2025-5449

NameCVE-2025-5449
DescriptionA flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1108407

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libssh (PTS)bullseye (security), bullseye0.9.8-0+deb11u1fixed
bookworm, bookworm (security)0.10.6-0+deb12u1fixed
forky, sid, trixie0.11.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libsshsourcebullseye(not affected)
libsshsourcebookworm(not affected)
libsshsource(unstable)0.11.2-11108407

Notes

[bookworm] - libssh <not-affected> (Vulnerable code not present)
[bullseye] - libssh <not-affected> (Vulnerable code not present)
https://www.libssh.org/security/advisories/CVE-2025-5449.txt
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=261612179f740bc62ba363d98b3bd5e5573a811f (libssh-0.11.2)
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=3443aec90188d6aab9282afc80a81df5ab72c4da (libssh-0.11.2)
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=78485f446af9b30e37eb8f177b81940710d54496 (libssh-0.11.2)
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb (libssh-0.11.2)
Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5504ff40515439a5fecbb17da7483000c4d12eb7 (libssh-0.11.2)

Search for package or bug name: Reporting problems