82 matches found
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1066)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2025-15382
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte...
CVE-2025-14942
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2025-1351)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1351 advisory. When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This...
CVE-2025-15382
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte...
CVE-2025-14942
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...
CVE-2025-15382
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte...
CVE-2025-14942
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...
CVE-2025-15382 Client SCP Request Triggers Buffer Overread by 1 Byte
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte...
CVE-2025-15382
The CVE-2025-15382 issue concerns wolfSSH_CleanPath() in wolfSSH. A heap buffer over-read is triggered by authenticated remote SCP path input containing '/./' sequences, leading to a one-byte heap over-read. Multiple sources (NVD, Red Hat, OSV, CVE listing) describe the vulnerability consistently...
CVE-2025-15382 Client SCP Request Triggers Buffer Overread by 1 Byte
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte...
CVE-2025-14942 Authentication Bypass
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...
CVE-2025-14942 Authentication Bypass
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...
CVE-2025-14942
CVE-2025-14942 affects wolfSSH 1.4.21 and earlier. The issue is in the key exchange state machine, which can be manipulated to leak the client password in the clear, cause the client to send a bogus signature, or bypass user authentication for both client and server applications. Documented impac...
PT-2026-1497
Name of the Vulnerable Software and Affected Versions: wolfSSH versions 1.4.21 and earlier. Description: The wolfSSH key exchange state machine can be manipulated, potentially leading to the exposure of the client’s password in plaintext. This manipulation could also allow an attacker to trick the...
PT-2026-1498
Name of the Vulnerable Software and Affected Versions: wolfSSH, affected versions not specified. Description: A heap buffer over-read issue exists in the wolfSSH_CleanPath function within wolfSSH. A remote attacker with authentication can trigger this by providing specially crafted SCP path input tha...
wolfSSH Security Vulnerability
wolfSSH is a small, fast, portable open-source SSH implementation from wolfSSL, including support for SCP and SFTP. A security vulnerability exists in wolfSSH that stems from a heap buffer over-read in the wolfSSH_CleanPath function, which could lead to a heap out-of-bounds read...
wolfSSH Security Vulnerability
wolfSSH is a small, fast, portable open-source SSH implementation from wolfSSL, including support for SCP and SFTP. A security vulnerability exists in wolfSSH 1.4.21 and earlier versions, which stems from a key exchange state machine that can be manipulated, potentially leading to the disclosur...
ROS-20251203-18
A vulnerability in the cURL server communication software tool is related to errors in the host verification mechanism when using the wolfSSH-based backend. Exploitation of the vulnerability could allow an attacker acting remotely to...
missing SFTP host verification with wolfSSH
...