PT-2025-37164 · Ssh+5

Ingela Andin +1

Published: 2025-09-11
Updated: 2026-06-05

CVE-2025-48040

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Erlang OTP versions 17.0 through 28.0.3
Erlang OTP versions 26.2.5.15
Erlang OTP versions 27.3.4.3
ssh versions 3.0.1 through 5.3.3
ssh versions 5.1.4.12
ssh versions 5.2.11.3

Description

An uncontrolled resource consumption issue exists in Erlang OTP ssh (ssh_sftp modules), allowing excessive allocation and flooding. The issue is associated with the ssh_sftpd.erl file.

Recommendations

Update Erlang OTP to a version later than 28.0.3.
Update ssh to a version later than 5.3.3.
Update ssh to a version later than 5.2.11.3.
Update ssh to a version later than 5.1.4.12.

Fix

DoS

Allocation of Resources Without Limits

Uncontrolled Recursion

Resource Exhaustion

Weakness Enumeration

Related identifiers

AZL-67278
AZL-67293
BDU:2025-13917
CVE-2025-48040
GHSA-H7RG-6RJG-4CPH
OESA-2026-1027
OESA-2026-1028
OESA-2026-1029
OESA-2026-1032
OPENSUSE-SU-2026:20043-1
SUSE-SU-2026:0023-1
SUSE-SU-2026:0661-1
SUSE-SU-2026:20088-1
USN-7831-1

Affected products

Debian
Erlang/Otp
Linuxmint
Red Os
Ubuntu
Ssh