FKIE_CVE-2025-4877

Vulnerability from fkie_nvd - Published: 2025-08-20 13:15 - Updated: 2025-08-20 14:39
Summary
There's a vulnerability in the libssh package that is triggered when a libssh consumer passes an unexpectedly large input buffer to the ssh_get_fingerprint_hash() function. In such cases, the bin_to_base64() function can experience an integer overflow that leads to a memory under-allocation; when that happens, the program may perform an out-of-bounds write, leading to heap corruption. This issue affects only 32-bit builds of libssh.

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There\u0027s a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it\u0027s possible that the program perform out of bounds write leading to a heap corruption.\nThis issue affects only 32-bits builds of libssh."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad en el paquete libssh: cuando un consumidor de libssh pasa un b\u00fafer de entrada inesperadamente grande a la funci\u00f3n ssh_get_fingerprint_hash(), la funci\u00f3n bin_to_base64() puede experimentar un desbordamiento de enteros que provoca una asignaci\u00f3n insuficiente de memoria. En este caso, es posible que el programa realice una escritura fuera de los l\u00edmites, lo que provoca una corrupci\u00f3n del mont\u00f3n. Este problema solo afecta a las compilaciones de 32 bits de libssh."
    }
  ],
  "id": "CVE-2025-4877",
  "lastModified": "2025-08-20T14:39:07.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-20T13:15:28.890",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-4877"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376193"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11\u0026id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.libssh.org/security/advisories/CVE-2025-4877.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Sightings

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

