1 file changed +8 -1 lines changed
99 and earlier. Users of wolfSSH must update or apply the fix patch and it’s
1010 recommended to update credentials used. This fix is also recommended for
1111 wolfSSH server applications. While there aren’t any specific attacks, the
12- same defect is present.
12+ same defect is present. (PR 855)
13+ - [ Medium] CVE-2025 -15382. The function used to clean up a path string may read
14+ one byte off the end of the bounds of the string. The function is used by the
15+ SCP handling in wolfSSH. This affects server applications with wolfSSH
16+ versions 1.4.12 through 1.4.21, inclusive. Thanks to Luigino Camastra from
17+ Aisle Research for the report.(PR 859)
1318
1419## New Features
1520
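Review bot: The new CVE-2025-15382 entry says the path clean-up function "is used by the SCP handling", but the Fixes bullet added in this same commit describes the fix as covering "SCP and SFTP". If SFTP servers reach the same function, the vulnerability entry should say so, because this is the text readers use to decide whether they are exposed. Unlike the preceding entry, it also gives no update-or-patch guidance for affected versions 1.4.12 through 1.4.21. Minor style point: "report.(PR 859)" is missing the space that "present. (PR 855)" has on the line above.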
5055
5156## Fixes
5257
58+ - Fix off-by-1 read error when cleaning the file path for SCP and SFTP. (PR
59+ 859 )
5360- Fixed incorrect handling of zero-length SSH strings in packet parsing. (PR
5461 857 )
5562- Fixed a worker-thread deadlock caused by blocked sends preventing
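Review bot: The added "Fix off-by-1 read error" bullet does not mention CVE-2025-15382, so a reader scanning only the Fixes section cannot tell that this is the security fix described in the vulnerabilities list. Consider adding the CVE id next to "(PR 859)". The bullet also opens with "Fix" while the neighbouring entries use "Fixed"; matching the tense keeps the list consistent.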