CVE-2025-5318

Name
CVE-2025-5318
Description
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2025-5318
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2369131
secalert@redhat.com https://www.libssh.org/security/advisories/CVE-2025-5318.txt
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:18231
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:18275
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:18286
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19012
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19098
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19101
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19400
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19401
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19470
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19472
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19295
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19300
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19313
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19807
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:20943
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:21013
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:19864
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:21329
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:21829
secalert@redhat.com https://access.redhat.com/errata/RHSA-2025:22275

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* openshift_container_platform == None == 4.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* enterprise_linux == None == 8.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* enterprise_linux == None == 9.0
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:* enterprise_linux == None == 10.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libssh edge-community 0.11.2-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libssh 3.22-community 0.11.2-r0 Natanael Copa <ncopa@alpinelinux.org> fixed