Bug 2369131 (CVE-2025-5318) - CVE-2025-5318 libssh: out-of-bounds read in sftp_handle()
Summary: CVE-2025-5318 libssh: out-of-bounds read in sftp_handle()
Keywords:
Status: NEW
Alias: CVE-2025-5318
Deadline: 2025-06-24
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2374586 2374587
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-05-29 07:05 UTC by OSIDB Bzimport
Modified: 2025-11-20 07:56 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:18967 0 None None None 2025-10-22 09:41:34 UTC
Red Hat Product Errata RHBA-2025:18970 0 None None None 2025-10-22 10:38:52 UTC
Red Hat Product Errata RHBA-2025:19063 0 None None None 2025-10-23 18:54:23 UTC
Red Hat Product Errata RHBA-2025:19076 0 None None None 2025-10-23 20:04:58 UTC
Red Hat Product Errata RHBA-2025:19387 0 None None None 2025-10-30 21:51:39 UTC
Red Hat Product Errata RHBA-2025:19439 0 None None None 2025-11-03 10:16:22 UTC
Red Hat Product Errata RHBA-2025:20013 0 None None None 2025-11-10 11:55:52 UTC
Red Hat Product Errata RHSA-2025:18231 0 None None None 2025-10-16 10:16:29 UTC
Red Hat Product Errata RHSA-2025:18275 0 None None None 2025-10-16 21:48:55 UTC
Red Hat Product Errata RHSA-2025:18286 0 None None None 2025-10-20 02:10:24 UTC
Red Hat Product Errata RHSA-2025:19012 0 None None None 2025-10-23 19:46:49 UTC
Red Hat Product Errata RHSA-2025:19098 0 None None None 2025-10-27 01:26:04 UTC
Red Hat Product Errata RHSA-2025:19101 0 None None None 2025-10-27 08:19:58 UTC
Red Hat Product Errata RHSA-2025:19295 0 None None None 2025-11-05 04:43:15 UTC
Red Hat Product Errata RHSA-2025:19300 0 None None None 2025-11-05 18:13:35 UTC
Red Hat Product Errata RHSA-2025:19313 0 None None None 2025-11-05 12:24:52 UTC
Red Hat Product Errata RHSA-2025:19400 0 None None None 2025-11-03 01:19:15 UTC
Red Hat Product Errata RHSA-2025:19401 0 None None None 2025-11-03 01:35:41 UTC
Red Hat Product Errata RHSA-2025:19470 0 None None None 2025-11-03 12:06:50 UTC
Red Hat Product Errata RHSA-2025:19472 0 None None None 2025-11-03 12:14:35 UTC
Red Hat Product Errata RHSA-2025:19864 0 None None None 2025-11-17 15:12:56 UTC
Red Hat Product Errata RHSA-2025:20943 0 None None None 2025-11-11 13:52:56 UTC
Red Hat Product Errata RHSA-2025:21013 0 None None None 2025-11-11 19:12:51 UTC
Red Hat Product Errata RHSA-2025:21329 0 None None None 2025-11-20 07:56:56 UTC

Description OSIDB Bzimport 2025-05-29 07:05:51 UTC 
Out-of-Bounds Read vulnerability in the SFTP server implementation of libssh, specifically within the sftp_handle() function. The flaw is due to an incorrect boundary check that permits the function to access memory beyond the valid handle list. This leads to the return of an invalid pointer, which is subsequently used in further processing. Although the issue requires authenticated access to the server, it can be exploited by a remote attacker with valid credentials to potentially read unintended memory regions, which could expose sensitive information or affect service behavior.
Comment 1 Axel 2025-10-07 06:40:25 UTC 
Hi,
This is fixed in libssh-0.11.3.
Can someone help to update the status? (e.g. Fixed In Version:)
Comment 2 errata-xmlrpc 2025-10-16 10:16:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:18231 https://access.redhat.com/errata/RHSA-2025:18231
Comment 3 errata-xmlrpc 2025-10-16 21:48:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:18275 https://access.redhat.com/errata/RHSA-2025:18275
Comment 4 errata-xmlrpc 2025-10-20 02:10:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:18286 https://access.redhat.com/errata/RHSA-2025:18286
Comment 7 errata-xmlrpc 2025-10-23 19:46:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:19012 https://access.redhat.com/errata/RHSA-2025:19012
Comment 8 errata-xmlrpc 2025-10-27 01:26:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:19098 https://access.redhat.com/errata/RHSA-2025:19098
Comment 9 errata-xmlrpc 2025-10-27 08:19:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:19101 https://access.redhat.com/errata/RHSA-2025:19101
Comment 11 errata-xmlrpc 2025-11-03 01:19:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:19400 https://access.redhat.com/errata/RHSA-2025:19400
Comment 12 errata-xmlrpc 2025-11-03 01:35:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:19401 https://access.redhat.com/errata/RHSA-2025:19401
Comment 13 errata-xmlrpc 2025-11-03 12:06:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:19470 https://access.redhat.com/errata/RHSA-2025:19470
Comment 14 errata-xmlrpc 2025-11-03 12:14:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:19472 https://access.redhat.com/errata/RHSA-2025:19472
Comment 15 errata-xmlrpc 2025-11-05 04:43:14 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.20

Via RHSA-2025:19295 https://access.redhat.com/errata/RHSA-2025:19295
Comment 16 errata-xmlrpc 2025-11-05 12:24:50 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:19313 https://access.redhat.com/errata/RHSA-2025:19313
Comment 17 errata-xmlrpc 2025-11-05 18:13:33 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.19

Via RHSA-2025:19300 https://access.redhat.com/errata/RHSA-2025:19300
Comment 18 errata-xmlrpc 2025-11-11 13:52:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:20943 https://access.redhat.com/errata/RHSA-2025:20943
Comment 19 errata-xmlrpc 2025-11-11 19:12:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21013 https://access.redhat.com/errata/RHSA-2025:21013
Comment 20 errata-xmlrpc 2025-11-17 15:12:54 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:19864 https://access.redhat.com/errata/RHSA-2025:19864
Comment 21 errata-xmlrpc 2025-11-20 07:56:54 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:21329 https://access.redhat.com/errata/RHSA-2025:21329
Note You need to log in before you can comment on or make changes to this bug.