Lucene search
K

4 matches found

CVE
CVE
added 2026/06/18 8:18 p.m.90 views

CVE-2025-15661

Summary (CVE-2025-15661): libssh2 up to 1.11.1 contains a heap over-read in the sftp_symlink() implementation (src/sftp.c). A crafted SSH_FXP_NAME response can cause a heap buffer over-read when a link_len value exceeds actual packet data during SFTP READLINK/REALPATH, due to missing validation o...

8.3CVSS5.4AI score0.00267EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/18 8:18 p.m.21 views

CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS0.00267EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/18 8:18 p.m.5 views

CVE-2025-15661

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS7.2AI score0.00267EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.11 views

PT-2026-50786

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.1 commit 2dae302 Description An out-of-bounds heap read exists in the sftp symlink function within src/sftp.c. A malicious SSH server or man-in-the-middle attacker can disclose heap memory contents or cause a cra...

8.3CVSS7.2AI score0.00267EPSS
Exploits0References25
Rows per page
Query Builder