CVE-2025-5318

Sažetak

A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.

Reference

https://access.redhat.com/security/cve/CVE-2025-5318
https://bugzilla.redhat.com/show_bug.cgi?id=2369131
https://www.libssh.org/security/advisories/CVE-2025-5318.txt

CVSS

Base:	5.4
Impact:	2.5
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

26-06-2025 - 18:58

Objavljeno

24-06-2025 - 14:15