CVE-2025-4877

MEDIUM EPSS 7.6%
Published Aug 20, 202510mo ago · Modified Jun 17, 20261w ago
4.5 CVSS 3.1
Medium
Find Similar
Published Aug 20, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago

Description

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.

CVSS Details

Base Score
4.5
Exploitability
1.0
Impact
3.4
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability Low

Threat Intelligence

EPSS Exploit Probability
7.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

References 5

  • access.redhat.com https://access.redhat.com/errata/RHSA-2026:18683
  • access.redhat.com https://access.redhat.com/security/cve/CVE-2025-4877
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2376193
  • git.libssh.org https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d
  • libssh.org https://www.libssh.org/security/advisories/CVE-2025-4877.txt

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.