{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T09:34:20.342","vulnerabilities":[{"cve":{"id":"CVE-2025-5449","sourceIdentifier":"secalert@redhat.com","published":"2025-07-25T18:15:26.967","lastModified":"2026-01-08T04:15:55.020","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service."},{"lang":"es","value":"Se detectó una falla en la lógica de decodificación de mensajes del servidor SFTP de libssh. El problema se debe a una comprobación incorrecta de la longitud del paquete, lo que permite un desbordamiento de enteros al gestionar payloads de gran tamaño en sistemas de 32 bits. Este problema provoca errores en la asignación de memoria y el bloqueo del proceso del servidor, lo que resulta en una denegación de servicio."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:0.11.0:*:*:*:*:*:*:*","matchCriteriaId":"57396877-0D7A-4506-8C21-38EC7DFB3F04"},{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:0.11.1:*:*:*:*:*:*:*","matchCriteriaId":"8C4817DC-731C-4EA3-BF8A-FCCE4AB8AF87"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-5449","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369705","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://www.libssh.org/security/advisories/CVE-2025-5449.txt","source":"secalert@redhat.com","tags":["Third Party Advisory"]}]}}]}