153 matches found

Vulnrichment
added 2025/07/25 5:19 p.m. | views: 1

CVE-2025-5449 Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00519
Exploits: 0 | References: 8
CVE
added 2025/07/25 5:19 p.m. | views: 36

CVE-2025-5449

CVE-2025-5449 affects libssh’s SFTP server message decoding. The root cause is an integer overflow caused by an incorrect packet length check, enabling overflow when processing large payloads on 32-bit systems. This leads to a failed memory allocation and can crash the server process, causing a d...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00519
Exploits: 0 | References: 8 | Affected Software: 1
SUSE Linux
added 2025/07/10 4:3 p.m. | views: 2

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...

CVSS: 7.6 | AI score: 7.4 | EPSS: 0.00246
Exploits: 0 | References: 16
SUSE Linux
added 2025/07/04 4:2 p.m. | views: 2

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management bsc1245311. CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in...

CVSS: 7.6 | AI score: 6.8 | EPSS: 0.00246
Exploits: 0 | References: 16
RedhatCVE
added 2025/07/04 5:34 a.m. | views: 1

CVE-2025-5449

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00519
Exploits: 0 | References: 9
OSV
added 2025/06/25 12:0 a.m. | views: 0

UBUNTU-CVE-2025-5449

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00519
Exploits: 0 | References: 4
SUSE CVE
added 2025/06/24 11:24 p.m. | views: 1

SUSE CVE-2025-5449

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00519
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 1:43 a.m. | views: 3

CVE-2023-20115

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is d...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.00458
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 12:57 a.m. | views: 4

CVE-2022-43920

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00443
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 11:51 p.m. | views: 5

CVE-2022-22899

Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.00181
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 11:24 p.m. | views: 1

CVE-2022-39220

SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00176
Exploits: 0 | References: 1
OSV
added 2025/02/11 5:15 p.m. | views: 0

CVE-2025-22399

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery...

CVSS: 7.8 | AI score: 5.8
Exploits: 0 | References: 1
CNNVD
added 2025/02/07 12:0 a.m. | views: 1

SFTPGo operating system command injection vulnerability

SFTPGo is a full-featured and highly configurable SFTP server from the individual developer Nicola Murino in Italy. SFTPGo suffers from an operating system command injection vulnerability that stems from a lack of cleanup of the rsync command, allowing remote users to read or write files...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01312
Exploits: 0 | References: 3
CVE
added 2024/10/22 12:0 a.m. | views: 54

CVE-2024-46483

CVE-2024-46483 affects Xlight FTP Server versions prior to 3.9.4.3. The vulnerability is an integer overflow in the SFTP packet parsing logic, which can cause a heap overflow when processing attacker-controlled content. Related sources describe potential remote code execution consequences in affe...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.13894
Exploits: 0 | References: 1
Cvelist
added 2024/10/01 12:0 a.m. | views: 10

CVE-2024-25659

In Infinera TNMS Transcend Network Management System 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory...

EPSS: 0.00666
Exploits: 0 | References: 1
CNNVD
added 2024/10/01 12:0 a.m. | views: 1

Infinera Transcend Network Management System security vulnerability

Infinera Transcend Network Management System (Infinera TNMS) is a powerful element, network, and service management system from Infinera USA. A security vulnerability exists in Infinera Transcend Network Management System version 19.10.3, which stems from an insecure default configuration of the...

CVSS: 7.2 | AI score: 6.9 | EPSS: 0.00666
Exploits: 0 | References: 2
Vulnrichment
added 2024/10/01 12:0 a.m. | views: 9

CVE-2024-25659

In Infinera TNMS Transcend Network Management System 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the SFTP user home directory...

AI score: 7 | EPSS: 0.00666
Exploits: 0 | References: 1
CVE
added 2024/10/01 12:0 a.m. | views: 42

CVE-2024-25659

Infinera TNMS (Transcend Network Management System) version 19.10.3 is affected by an insecure default configuration of the internal SFTP server on Linux, which can allow a remote attacker to access files and directories outside the SFTP user home directory. The CVE-2024-25659 entry notes a netwo...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.00666
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2023/12/07 3:30 p.m. | views: 38

(RHSA-2023:7705) Important: Red Hat Build of Apache Camel for Quarkus 2.13.3 security update (RHBQ 2.13.9.Final)

A security update for Red Hat Build of Apache Camel for Quarkus 2.13.3 is now available (updates to RHBQ 2.13.9.Final). The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00736
Exploits: 3
RedHat Linux
added 2023/12/07 2:26 p.m. | views: 58

Important: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.01503
Exploits: 4 | References: 17