Wolfssh: >> Wolfssh >> 1.4.0 Security Vulnerabilities
Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-21
Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-21
A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-03-25