UBUNTU-CVE-2025-4878
- Source
- https://ubuntu.com/security/CVE-2025-4878
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-4878.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-4878
- Upstream
- Downstream
- Related
- Published
- 2025-06-25T00:00:00Z
- Modified
- 2025-08-20T04:58:00Z
- Severity
-
- 3.6 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / libssh
Package
- Name
- libssh
- Purl
- pkg:deb/ubuntu/libssh@0.6.3-4.3ubuntu0.6+esm2?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.6.3-4.3ubuntu0.6+esm2
Affected versions
0.*
0.6.3-3ubuntu3
0.6.3-4.1
0.6.3-4.2
0.6.3-4.2ubuntu1
0.6.3-4.3
0.6.3-4.3ubuntu0.1
0.6.3-4.3ubuntu0.2
0.6.3-4.3ubuntu0.5
0.6.3-4.3ubuntu0.6
0.6.3-4.3ubuntu0.6+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm2",
"binary_name": "libssh-4"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm2",
"binary_name": "libssh-4-dbgsym"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm2",
"binary_name": "libssh-dbg"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm2",
"binary_name": "libssh-dev"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm2",
"binary_name": "libssh-dev-dbgsym"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm2",
"binary_name": "libssh-doc"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm2",
"binary_name": "libssh-gcrypt-4"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm2",
"binary_name": "libssh-gcrypt-4-dbgsym"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm2",
"binary_name": "libssh-gcrypt-dev"
},
{
"binary_version": "0.6.3-4.3ubuntu0.6+esm2",
"binary_name": "libssh-gcrypt-dev-dbgsym"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Ubuntu:Pro:18.04:LTS / libssh
Package
- Name
- libssh
- Purl
- pkg:deb/ubuntu/libssh@0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4
Affected versions
0.*
0.7.5-1
0.8.0~20170825.94fa1e38-1
0.8.0~20170825.94fa1e38-1build1
0.8.0~20170825.94fa1e38-1ubuntu0.1
0.8.0~20170825.94fa1e38-1ubuntu0.2
0.8.0~20170825.94fa1e38-1ubuntu0.5
0.8.0~20170825.94fa1e38-1ubuntu0.6
0.8.0~20170825.94fa1e38-1ubuntu0.7
0.8.0~20170825.94fa1e38-1ubuntu0.7+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4",
"binary_name": "libssh-4"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4",
"binary_name": "libssh-4-dbgsym"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4",
"binary_name": "libssh-dev"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4",
"binary_name": "libssh-doc"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4",
"binary_name": "libssh-gcrypt-4"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4",
"binary_name": "libssh-gcrypt-4-dbgsym"
},
{
"binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4",
"binary_name": "libssh-gcrypt-dev"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Ubuntu:Pro:20.04:LTS / libssh
Package
- Name
- libssh
- Purl
- pkg:deb/ubuntu/libssh@0.9.3-2ubuntu2.5+esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.3-2ubuntu2.5+esm1
Affected versions
0.*
0.9.0-1ubuntu1
0.9.0-1ubuntu4
0.9.0-1ubuntu5
0.9.3-2ubuntu1
0.9.3-2ubuntu2
0.9.3-2ubuntu2.1
0.9.3-2ubuntu2.2
0.9.3-2ubuntu2.3
0.9.3-2ubuntu2.4
0.9.3-2ubuntu2.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.9.3-2ubuntu2.5+esm1",
"binary_name": "libssh-4"
},
{
"binary_version": "0.9.3-2ubuntu2.5+esm1",
"binary_name": "libssh-4-dbgsym"
},
{
"binary_version": "0.9.3-2ubuntu2.5+esm1",
"binary_name": "libssh-dev"
},
{
"binary_version": "0.9.3-2ubuntu2.5+esm1",
"binary_name": "libssh-doc"
},
{
"binary_version": "0.9.3-2ubuntu2.5+esm1",
"binary_name": "libssh-gcrypt-4"
},
{
"binary_version": "0.9.3-2ubuntu2.5+esm1",
"binary_name": "libssh-gcrypt-4-dbgsym"
},
{
"binary_version": "0.9.3-2ubuntu2.5+esm1",
"binary_name": "libssh-gcrypt-dev"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Ubuntu:22.04:LTS / libssh
Package
- Name
- libssh
- Purl
- pkg:deb/ubuntu/libssh@0.9.6-2ubuntu0.22.04.4?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.6-2ubuntu0.22.04.4
Affected versions
0.*
0.9.6-1
0.9.6-1build1
0.9.6-2
0.9.6-2build1
0.9.6-2ubuntu0.22.04.1
0.9.6-2ubuntu0.22.04.2
0.9.6-2ubuntu0.22.04.3
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.9.6-2ubuntu0.22.04.4",
"binary_name": "libssh-4"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.4",
"binary_name": "libssh-4-dbgsym"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.4",
"binary_name": "libssh-dev"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.4",
"binary_name": "libssh-doc"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.4",
"binary_name": "libssh-gcrypt-4"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.4",
"binary_name": "libssh-gcrypt-4-dbgsym"
},
{
"binary_version": "0.9.6-2ubuntu0.22.04.4",
"binary_name": "libssh-gcrypt-dev"
}
],
"availability": "No subscription required"
}
Ubuntu:24.04:LTS / libssh
Package
- Name
- libssh
- Purl
- pkg:deb/ubuntu/libssh@0.10.6-2ubuntu0.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.10.6-2ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.10.6-2ubuntu0.1",
"binary_name": "libssh-4"
},
{
"binary_version": "0.10.6-2ubuntu0.1",
"binary_name": "libssh-4-dbgsym"
},
{
"binary_version": "0.10.6-2ubuntu0.1",
"binary_name": "libssh-dev"
},
{
"binary_version": "0.10.6-2ubuntu0.1",
"binary_name": "libssh-doc"
},
{
"binary_version": "0.10.6-2ubuntu0.1",
"binary_name": "libssh-gcrypt-4"
},
{
"binary_version": "0.10.6-2ubuntu0.1",
"binary_name": "libssh-gcrypt-4-dbgsym"
},
{
"binary_version": "0.10.6-2ubuntu0.1",
"binary_name": "libssh-gcrypt-dev"
}
],
"availability": "No subscription required"
}
Ubuntu:25.04 / libssh
Package
- Name
- libssh
- Purl
- pkg:deb/ubuntu/libssh@0.11.1-1ubuntu0.1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.11.1-1ubuntu0.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "0.11.1-1ubuntu0.1",
"binary_name": "libssh-4"
},
{
"binary_version": "0.11.1-1ubuntu0.1",
"binary_name": "libssh-4-dbgsym"
},
{
"binary_version": "0.11.1-1ubuntu0.1",
"binary_name": "libssh-dev"
},
{
"binary_version": "0.11.1-1ubuntu0.1",
"binary_name": "libssh-doc"
}
],
"availability": "No subscription required"
}