Integer Overflow or Wraparound Affecting libssh package, versions [0.11.0,0.11.2)


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-LIBSSH-10753756
  • published16 Jul 2025
  • disclosed24 Jun 2025
  • creditJakub Jelen

Introduced: 24 Jun 2025

NewCVE-2025-5449  (opens in a new tab)
CWE-190  (opens in a new tab)

How to fix?

Upgrade libssh to version 0.11.2 or higher.

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to incorrect validity check in the sftp_decode_channel_data_to_packet() function. An attacker can cause the server to crash by sending specially crafted SFTP packets with payload size field set to value 0x7ffffffc (2GB - 3B) that trigger an integer overflow during memory allocation attempts.

Note:

This is only exploitable for sftp servers running on on 32-bit platforms.

CVSS Base Scores

version 4.0
version 3.1