Bug 2369131 (CVE-2025-5318)
| Summary: | CVE-2025-5318 libssh: out-of-bounds read in sftp_handle() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adudiak, axel.lin, kshier, omaciel, security-response-team, stcannon, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2374586, 2374587 | ||
| Bug Blocks: | |||
| Deadline: | 2025-06-24 | ||
|
Description
OSIDB Bzimport
2025-05-29 07:05:51 UTC
Hi, This is fixed in libssh-0.11.3. Can someone help to update the status? (e.g. Fixed In Version:) This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:18231 https://access.redhat.com/errata/RHSA-2025:18231 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:18275 https://access.redhat.com/errata/RHSA-2025:18275 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:18286 https://access.redhat.com/errata/RHSA-2025:18286 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:19012 https://access.redhat.com/errata/RHSA-2025:19012 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:19098 https://access.redhat.com/errata/RHSA-2025:19098 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:19101 https://access.redhat.com/errata/RHSA-2025:19101 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:19400 https://access.redhat.com/errata/RHSA-2025:19400 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2025:19401 https://access.redhat.com/errata/RHSA-2025:19401 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:19470 https://access.redhat.com/errata/RHSA-2025:19470 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:19472 https://access.redhat.com/errata/RHSA-2025:19472 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.20 Via RHSA-2025:19295 https://access.redhat.com/errata/RHSA-2025:19295 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2025:19313 https://access.redhat.com/errata/RHSA-2025:19313 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.19 Via RHSA-2025:19300 https://access.redhat.com/errata/RHSA-2025:19300 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:20943 https://access.redhat.com/errata/RHSA-2025:20943 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:21013 https://access.redhat.com/errata/RHSA-2025:21013 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2025:19864 https://access.redhat.com/errata/RHSA-2025:19864 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2025:21329 https://access.redhat.com/errata/RHSA-2025:21329 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2025:21829 https://access.redhat.com/errata/RHSA-2025:21829 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2025:22275 https://access.redhat.com/errata/RHSA-2025:22275 |