CVE-2025-11624: wolfSSH SFTP Handle Size Missing Exact Check

Provally Curated | Public repository | High | High confidence | Verified | Apache-2.0 | c
greprules fetch cve-2025-11624-wolfssh-sftp-handle-size-missing-exact-check --engine opengrep

Description

The SFTP handle-size guard validates the client-supplied length against WOLFSSH_MAX_HANDLE (and the remaining packet space) but does not require it to equal sizeof(WFD) / sizeof(HANDLE). The WMEMCPY that follows, into the fixed-size stack-allocated file-descriptor variable, can then overflow up to (WOLFSSH_MAX_HANDLE - sizeof(fd)) bytes of stack memory (CWE-787). Add
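The guard shape described above next to a hardened form, as an added example that is not wolfSSH code and not part of the rule. `MAX_HANDLE`, `fd_t` and all function names are assumed stand-ins for `WOLFSSH_MAX_HANDLE` and `WFD`/`HANDLE`, and the packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_HANDLE 256   /* assumed stand-in for WOLFSSH_MAX_HANDLE */
typedef int fd_t;        /* assumed stand-in for WFD / HANDLE */

/* Guard shape the rule flags: upper bound and remaining packet space only. */
static int guard_bounded(uint32_t sz, uint32_t idx, uint32_t maxSz)
{
    return sz <= MAX_HANDLE && idx <= maxSz && sz <= maxSz - idx;
}

/* Hardened guard: the length must also equal the descriptor size. */
static int guard_exact(uint32_t sz, uint32_t idx, uint32_t maxSz)
{
    return guard_bounded(sz, idx, maxSz) && sz == sizeof(fd_t);
}

/* Parse [uint32 big-endian length][handle bytes]; 0 on success, -1 on reject. */
static int read_handle(const uint8_t *p, uint32_t maxSz, fd_t *out)
{
    uint32_t sz;
    if (maxSz < 4) return -1;
    sz = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
    if (!guard_exact(sz, 4, maxSz)) return -1;
    memcpy(out, p + 4, sz);          /* sz == sizeof(*out) is guaranteed here */
    return 0;
}

/* Constructed packet claiming `claimed` handle bytes; returns read_handle(). */
static int parse_constructed(uint32_t claimed)
{
    uint8_t pkt[4 + MAX_HANDLE] = {0};
    fd_t fd = -1;
    pkt[2] = (uint8_t)(claimed >> 8);
    pkt[3] = (uint8_t)claimed;
    return read_handle(pkt, sizeof(pkt), &fd);
}

int main(void)
{
    /* A length of MAX_HANDLE passes the bounded guard but not the exact one. */
    printf("bounded=%d exact=%d bytes_past_fd=%u\n",
           guard_bounded(MAX_HANDLE, 4, 4 + MAX_HANDLE),
           guard_exact(MAX_HANDLE, 4, 4 + MAX_HANDLE),
           (unsigned)(MAX_HANDLE - sizeof(fd_t)));
    return 0;
}
```

The exact check also rejects lengths shorter than the descriptor, which the bounded guard would accept and which would leave the descriptor only partly written.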

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
