libssh SFTP Server NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in libssh, where a malicious SFTP server can exploit the application by sending a malformed 'longname' field within an 'SSH_FXP_NAME' message during file listing operations. This flaw arises from a missing null check, allowing the server to send data that the application does not properly validate, leading to a null pointer dereference. Such dereferences can cause the application to read beyond the allocated memory on the heap, potentially leading to application crashes or other unexpected behaviors.

Impact

Exploitation of this vulnerability causes the application to crash, exit, or restart. However, in rare cases, it could allow a malicious SFTP server to read or write memory, and possibly execute unauthorized code, especially if the server can manipulate memory addresses in a way that exploits this vulnerability.