Skip to main content

Wolfssh

4 CVEs product

Monthly

CVE-2025-15382 HIGH This Week

A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte. [CVSS 8.1 HIGH]

Buffer Overflow Wolfssh
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-14942 CRITICAL Act Now

wolfSSH through 1.4.21 has a key exchange state machine vulnerability that can leak client passwords in cleartext, trick clients into sending bogus signatures, or skip user authentication entirely. A fundamental protocol implementation flaw.

Authentication Bypass Wolfssh
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-2873 CRITICAL Act Now

A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wolfssh
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-32073 CRITICAL PATCH Act Now

WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Wolfssh
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
EPSS 0% CVSS 8.1
HIGH This Week

A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte. [CVSS 8.1 HIGH]

Buffer Overflow Wolfssh
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

wolfSSH through 1.4.21 has a key exchange state machine vulnerability that can leak client passwords in cleartext, trick clients into sending bogus signatures, or skip user authentication entirely. A fundamental protocol implementation flaw.

Authentication Bypass Wolfssh
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wolfssh
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Wolfssh
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy