CVE-2025-4877
Libssh: write beyond bounds in binary to base64 conversion functions
CVSS Score
4.5
EPSS Score
0.0%
EPSS Percentile
0th
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
| CWE | CWE-787 |
| Published | Aug 20, 2025 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new medium vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 7
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected References
access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-4877 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2376193 git.libssh.org: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d libssh.org: https://www.libssh.org/security/advisories/CVE-2025-4877.txt