JLSEC-2025-96

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-96.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-96.json

JSON Data

https://api.test.osv.dev/v1/vulns/JLSEC-2025-96

Upstream

CVE-2025-5318

Published

2025-10-19T18:40:48.457Z

Modified

2025-12-01T23:08:38.268904Z

Summary

A flaw was found in the libssh library in versions less than 0.11.2

Details

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.

Database specific

{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
            "imported": "2025-11-28T03:26:58.026Z",
            "id": "CVE-2025-5318",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5318",
            "published": "2025-06-24T14:15:30.523Z",
            "modified": "2025-11-27T18:15:46.597Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia / libssh_jll

Package

Name: libssh_jll
Purl: pkg:julia/libssh_jll?uuid=a8d4f100-aa25-5708-be18-96e0805c2c9d

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.3+0