CVE-2025-4877

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-4877

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4877.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-4877

Aliases

Downstream

BELL-CVE-2025-4877

DEBIAN-CVE-2025-4877

DLA-4385-1

OESA-2025-2127

OESA-2025-2128

OESA-2025-2129

OESA-2025-2130

OESA-2025-2132

OESA-2025-2294

SUSE-SU-2025:02755-1

UBUNTU-CVE-2025-4877

USN-7619-1

USN-7696-1

Related

SUSE-SU-2025:02755-1

Withdrawn

2026-01-27T04:20:17.963391Z

Published

2025-08-20T13:15:28Z

Modified

2026-01-27T04:20:17.963391Z

Severity

4.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash() function. In such cases the binto_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.

References

Affected packages