usn-7619-1
Vulnerability from osv_ubuntu
Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-4877)
Ronald Crane discovered that libssh incorrectly handled the privatekey_from_file() function. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-4878)
Ronald Crane discovered that libssh incorrectly handled certain memory operations in the sftp server. An attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. (CVE-2025-5318, CVE-2025-5449)
Ronald Crane discovered that libssh incorrectly handled exporting keys. An attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-5351)
Ronald Crane discovered that libssh incorrectly handled the ssh_kdf() function. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-5372)
Ronald Crane discovered that libssh incorrectly handled the ChaCha20 cipher. An attacker could possibly use this issue to cause libssh to use partially initialized cypher content. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-5987)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-4877",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-4878",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-5318",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-5372",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssh-4",
"binary_version": "0.9.6-2ubuntu0.22.04.4"
},
{
"binary_name": "libssh-gcrypt-4",
"binary_version": "0.9.6-2ubuntu0.22.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "libssh",
"purl": "pkg:deb/ubuntu/libssh@0.9.6-2ubuntu0.22.04.4?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.6-2ubuntu0.22.04.4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.9.6-1",
"0.9.6-1build1",
"0.9.6-2",
"0.9.6-2build1",
"0.9.6-2ubuntu0.22.04.1",
"0.9.6-2ubuntu0.22.04.2",
"0.9.6-2ubuntu0.22.04.3"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-4877",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-4878",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-5318",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-5351",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-5372",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-5987",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssh-4",
"binary_version": "0.10.6-2ubuntu0.1"
},
{
"binary_name": "libssh-gcrypt-4",
"binary_version": "0.10.6-2ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "libssh",
"purl": "pkg:deb/ubuntu/libssh@0.10.6-2ubuntu0.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.6-2ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.5-3ubuntu1",
"0.10.5-3ubuntu2",
"0.10.6-2",
"0.10.6-2build1",
"0.10.6-2build2"
]
}
],
"aliases": [],
"details": "Ronald Crane discovered that libssh incorrectly handled certain base64\nconversions. An attacker could use this issue to cause libssh to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2025-4877)\n\nRonald Crane discovered that libssh incorrectly handled the\nprivatekey_from_file() function. An attacker could use this issue to cause\nlibssh to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2025-4878)\n\nRonald Crane discovered that libssh incorrectly handled certain memory\noperations in the sftp server. An attacker could possibly use this issue\nto cause libssh to crash, resulting in a denial of service.\n(CVE-2025-5318, CVE-2025-5449)\n\nRonald Crane discovered that libssh incorrectly handled exporting keys. An\nattacker could possibly use this issue to cause libssh to crash, resulting\nin a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu\n24.10, and Ubuntu 25.04. (CVE-2025-5351)\n\nRonald Crane discovered that libssh incorrectly handled the ssh_kdf()\nfunction. An attacker could use this issue to cause libssh to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2025-5372)\n\nRonald Crane discovered that libssh incorrectly handled the ChaCha20\ncipher. An attacker could possibly use this issue to cause libssh to\nuse partially initialized cypher content. This issue only affected Ubuntu\n24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-5987)",
"id": "USN-7619-1",
"modified": "2026-04-22T07:37:22Z",
"published": "2025-07-07T12:29:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7619-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-4877"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-4878"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-5318"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-5351"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-5372"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-5449"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-5987"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "libssh vulnerabilities",
"upstream": [
"UBUNTU-CVE-2025-4877",
"UBUNTU-CVE-2025-4878",
"UBUNTU-CVE-2025-5318",
"UBUNTU-CVE-2025-5351",
"UBUNTU-CVE-2025-5372",
"UBUNTU-CVE-2025-5449",
"UBUNTU-CVE-2025-5987"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.