CVE-2025-46806: 
Linux Debian vulnerability analysis and mitigation

A Use of Out-of-range Pointer Offset vulnerability (CVE-2025-46806) was discovered in sslh before version 2.2.4. The vulnerability was discovered by Matthias Gerstner of the SUSE security team and was disclosed on June 2, 2025. The vulnerability affects the isopenvpnprotocol() function, where misaligned memory accesses can occur in the UDP code path (Wiz, SUSE Bug).

The vulnerability exists in the UDP code path of isopenvpnprotocol() function where uint32t pointer dereferences occur at misaligned memory locations. The issue specifically involves memory located 25 bytes after the start of the heap allocated network buffer. The vulnerability has been assigned a CVSS 4.0 score of 6.9 (Medium) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N (SUSE Bug).

On CPU architectures like ARM, this vulnerability can cause a SIGBUS error, leading to a denial of service condition. The impact is architecture-dependent, with x8664 systems being unaffected while other architectures may experience service disruption ([SUSE Bug](https://bugzilla.suse.com/showbug.cgi?id=CVE-2025-46806)).

The vulnerability has been fixed in sslh version 2.2.4. The fix involves using memcpy() to copy integer data into a local stack variable instead of dereferencing the pointer into the raw network data. Users are advised to upgrade to this version (GitHub Release).