Merged
9 changes: 8 additions & 1 deletion ChangeLog.md
Expand Up @@ -9,7 +9,13 @@
and earlier. Users of wolfSSH must update or apply the fix patch and it’s
recommended to update credentials used. This fix is also recommended for
wolfSSH server applications. While there aren’t any specific attacks, the
same defect is present.
same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier
Levillain of Telecom SudParis for the report. (PR 855)
- [Medium] CVE-2025-15382. The function used to clean up a path string may read
one byte off the end of the bounds of the string. The function is used by the
SCP handling in wolfSSH. This affects server applications with wolfSSH
versions 1.4.12 through 1.4.21, inclusive. Thanks to Luigino Camastra from
Aisle Research for the report. (PR 859)

## New Features

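Review bot: The new CVE-2025-15382 entry gives the affected range (1.4.12 through 1.4.21, inclusive) but no remediation guidance, whereas the entry just above it tells users to update or apply the fix patch. Suggest adding a sentence saying what server operators should do (update, or apply the change from PR 859), and naming the path clean-up function so that readers can tell whether their build uses the SCP handling that calls it. The phrase "off the end of the bounds of the string" could also be tightened to "past the end of the string".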
Expand Down Expand Up @@ -50,6 +56,7 @@

## Fixes

- Fix off-by-1 read error when cleaning the file path for SCP. (PR 859)
- Fixed incorrect handling of zero-length SSH strings in packet parsing. (PR
857)
- Fixed a worker-thread deadlock caused by blocked sends preventing
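Review bot: The added Fixes line "Fix off-by-1 read error when cleaning the file path for SCP." uses the imperative "Fix" where the entries that follow it use "Fixed", and it does not mention CVE-2025-15382 even though the entry added earlier in this file cites the same PR 859. Suggest "Fixed an off-by-one read when cleaning the file path for SCP (CVE-2025-15382). (PR 859)" so the two entries can be cross-referenced.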