CVE
EEF-CVE-2025-48041
SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (sshsftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl.
This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.1
-
4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
0
-
C
H
U
-
Related Resources
No items found.
References
https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3, https://www.erlang.org/doc/system/versions.html#order-of-versions, https://github.com/erlang/otp/pull/10157, https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288, https://github.com/erlang/otp/commit/d49efa2d4fa9e6f7ee658719cd76ffe7a33c2401
Basic Information
Ecosystem
