fkie_cve-2025-4877
Vulnerability from fkie_nvd
Published
2025-08-20 13:15
Modified
2025-08-20 14:39
Severity ?
4.5 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
References
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-4877
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2376193
secalert@redhat.comhttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d
secalert@redhat.comhttps://www.libssh.org/security/advisories/CVE-2025-4877.txt
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There\u0027s a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it\u0027s possible that the program perform out of bounds write leading to a heap corruption.\nThis issue affects only 32-bits builds of libssh."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad en el paquete libssh: cuando un consumidor de libssh pasa un b\u00fafer de entrada inesperadamente grande a la funci\u00f3n ssh_get_fingerprint_hash(), la funci\u00f3n bin_to_base64() puede experimentar un desbordamiento de enteros que provoca una asignaci\u00f3n insuficiente de memoria. En este caso, es posible que el programa realice una escritura fuera de los l\u00edmites, lo que provoca una corrupci\u00f3n del mont\u00f3n. Este problema solo afecta a las compilaciones de 32 bits de libssh."
    }
  ],
  "id": "CVE-2025-4877",
  "lastModified": "2025-08-20T14:39:07.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.4,
        "source": "secalert@redhat.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-08-20T13:15:28.890",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-4877"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376193"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.libssh.org/security/advisories/CVE-2025-4877.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.