Home

Description

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.

PUBLISHED Reserved 2025-05-16 | Published 2025-08-20 | Updated 2025-09-25 | Assigner redhat




MEDIUM: 4.5CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem types

Out-of-bounds Write

Product status

Default status
unaffected

Any version before 0.11.2
affected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Timeline

2025-07-03:Reported to Red Hat.
2025-06-24:Made public.

References

access.redhat.com/security/cve/CVE-2025-4877 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2376193 (RHBZ#2376193) issue-tracking

git.libssh.org/...d=6fd9cc8ce3958092a1aae11f1f2e911b2747732d

www.libssh.org/security/advisories/CVE-2025-4877.txt

cve.org (CVE-2025-4877)

nvd.nist.gov (CVE-2025-4877)

Download JSON