wolfSSH
by wolfSSL
CVEs (5)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-15382 | 0.00 | — | 0.00 | Jan 6, 2026 | A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over-read by 1 byte. |
| CVE-2025-14942 | 0.00 | — | 0.00 | Jan 6, 2026 | wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier.… |
| CVE-2025-11625 | 0.00 | — | 0.00 | Oct 21, 2025 | Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients' credentials. |
| CVE-2024-2873 | 0.00 | — | 0.01 | Mar 25, 2024 | A vulnerability was found in wolfSSH's server-side state machine before version 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access. |
| CVE-2022-32073 | 0.00 | — | 0.02 | Jul 13, 2022 | wolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. |