VYPR

Wolfssh

by WolfSSL

Source repositories

CVEs (5)

  • CVE-2025-15382Jan 6, 2026
    risk 0.00cvss epss 0.00

    A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.

  • CVE-2025-14942Jan 6, 2026
    risk 0.00cvss epss 0.00

    wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier.…

  • CVE-2025-11625Oct 21, 2025
    risk 0.00cvss epss 0.00

    Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.

  • CVE-2024-2873Mar 25, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.

  • CVE-2022-32073Jul 13, 2022
    risk 0.00cvss epss 0.02

    WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR.