CVE-2025-4877Out-of-bounds Write in Libssh

CWE-787Out-of-bounds Write10 documents7 sources
Severity
4.5MEDIUMNVD
EPSS
0.0%
top 94.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LibsshDebian LibsshMsrc Azl3 Libssh 0.10.6-2 ON Azure Linux 3.0+1 more
Timeline
PublishedAug 20

Description

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.0 | Impact: 3.4

Affected Packages5 packages

debiandebian/libssh< libssh 0.10.6-0+deb12u2 (bookworm)
Debianlibssh/libssh< 0.9.8-0+deb11u2+3
Ubuntulibssh/libssh< 0.9.6-2ubuntu0.22.04.4+4

🔴Vulnerability Details

4
OSV
CVE-2025-4877: There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash()2025-08-20
GHSA
GHSA-pwrf-jm93-99r3: There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash()2025-08-20
OSV
libssh vulnerabilities2025-08-14
OSV
libssh vulnerabilities2025-07-07

📋Vendor Advisories

5
Ubuntu
libssh vulnerabilities2025-08-14
Microsoft
Libssh: write beyond bounds in binary to base64 conversion functions2025-08-12
Ubuntu
libssh vulnerabilities2025-07-07
Red Hat
libssh: Write beyond bounds in binary to base64 conversion functions2025-06-24
Debian
CVE-2025-4877: libssh - There's a vulnerability in the libssh package where when a libssh consumer passe...2025