PT-2025-37162 · Ssh+5
Ingela Andin +1 · Published 2025-09-11 · Updated 2026-02-26
CVE-2025-48038
CVSS v4.0: 5.3 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Erlang OTP versions 17.0 through 28.0.3
Erlang OTP versions 26.2.5.15 through 27.3.4.3
Erlang OTP versions 27.3.4.3
Erlang OTP versions 28.0.3
ssh versions 3.0.1 through 5.3.3
ssh versions 5.1.4.12
ssh versions 5.2.11.3
Description
An Allocation of Resources Without Limits or Throttling issue exists in Erlang OTP ssh (ssh_sftp modules), potentially leading to Excessive Allocation and Resource Leak Exposure. The issue is associated with the ssh_sftpd.erl file.
Recommendations
Update Erlang OTP to a version later than 28.0.3.
Update ssh to a version later than 5.3.3.
Update ssh to a version later than 5.2.11.3.
Update ssh to a version later than 5.1.4.12.
Fix
Resource Exhaustion
Allocation of Resources Without Limits
Affected Products
Debian
Erlang/Otp
Linuxmint
Red Os
Ubuntu
Ssh