CVE-2025-5318
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due
CVSS
8.1
Alto
EPSS
2.4%
p83
KEV
—
Exploit Today
25
0-100
Publicado: 24 jun 2025 · Última mod.: 30 jun 2026 · CWE-125
2.4%EPSS · 30 días2.4%
2026-06-302026-07-16
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:18231
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:18275
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:18286
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19012
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19098
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19101
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19295
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19300
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19313
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19400
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19401
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19470
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19472
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19807
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:19864
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:20943
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:21013
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:21329
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:21829
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:22275
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-48915.3 MED92.7%
——28A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.2dCVE-2022-274067.5 ALT87.5%
——26FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.8dCVE-2022-274057.5 ALT84.9%
——25FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.8dCVE-2025-92325.9 MED79.5%
——24Issue summary: An application using the OpenSSL HTTP client API functions may
trigger an out-of-bounds read if the 'no_proxy' environment variable is set and
the host portion of the authority component of the HTTP URL is an IPv6 address.
Impact summary: An out-of-bounds read can trigger a crash which leads to
Denial of Service for an application.
The OpenSSL HTTP client API functions can be used directly by applications
but they are also used by the OCSP client functions and CMP (Certificate
Management Protocol) client implementation in OpenSSL. However the URLs used
by these implementations are unlikely to be controlled by an attacker.
In this vulnerable code the out of bounds read can only trigger a crash.
Furthermore the vulnerability requires an attacker-controlled URL to be
passed from an application to the OpenSSL function and the user has to have
a 'no_proxy' environment variable set. For the aforementioned reasons the
issue was assessed as Low severity.
The vulnerable code was introduced in the following patch releases:
3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue, as the HTTP client implementation is outside the OpenSSL FIPS module
boundary.3dCVE-2026-59467.5 ALT76.2%
——23Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`.
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.2dCVE-2025-92307.5 ALT75.2%
——23Issue summary: An application trying to decrypt CMS messages encrypted using
password based encryption can trigger an out-of-bounds read and write.
Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application. The out-of-bounds write can cause
a memory corruption which can have various consequences including
a Denial of Service or Execution of attacker-supplied code.
Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that the attacker would be able to
perform it is low. Besides, password based (PWRI) encryption support in CMS
messages is very rarely used. For that reason the issue was assessed as
Moderate severity according to our Security Policy.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.3d