AZL-64358

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64358.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-64358

Upstream

CVE-2025-5318

Published

2025-06-24T14:15:30Z

Modified

2026-04-21T04:32:22.765430Z

Summary

CVE-2025-5318 affecting package libssh for versions less than 0.10.6-2

Details

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5318

Affected packages

Azure Linux:2 / libssh

Package

Name: libssh
Purl: pkg:rpm/azure-linux/libssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.6-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64358.json"