CVE-2025-15382
Published
CVSS v3
8.1
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.
wolfSSH is a small, fast, portable SSH implementation, including support for SCP and SFTP.
GitHub