2369131 – (CVE-2025-5318) CVE-2025-5318 libssh: out-of-bounds read in sftp_handle()

Bug 2369131 (CVE-2025-5318) - CVE-2025-5318 libssh: out-of-bounds read in sftp_handle()

Summary: CVE-2025-5318 libssh: out-of-bounds read in sftp_handle()

Keywords:
Status:	NEW
Alias:	CVE-2025-5318
Deadline:	2025-06-24
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2374586 2374587
Blocks:
TreeView+	depends on / blocked

Reported:	2025-05-29 07:05 UTC by OSIDB Bzimport
Modified:	2025-06-24 14:12 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-05-29 07:05:51 UTC

Out-of-Bounds Read vulnerability in the SFTP server implementation of libssh, specifically within the sftp_handle() function. The flaw is due to an incorrect boundary check that permits the function to access memory beyond the valid handle list. This leads to the return of an invalid pointer, which is subsequently used in further processing. Although the issue requires authenticated access to the server, it can be exploited by a remote attacker with valid credentials to potentially read unintended memory regions, which could expose sensitive information or affect service behavior.

Note You need to log in before you can comment on or make changes to this bug.