CVE-2025-4877

ADVISORY - nist

Summary

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.

EPSS Score⁠: 0.00035 (0.106)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-787⁠

Out-of-bounds Write

ADVISORY - redhat

(CWE-190|CWE-787)⁠

Impacted images

Advisories

NIST

CREATED

9 months ago

UPDATED

9 days ago

ADVISORY IDCVE-2025-4877⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-787⁠

CVSS SCORE

4.5medium

Alpine

CREATED

11 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2025-4877⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

11 months ago

UPDATED

29 days ago

ADVISORY IDCVE-2025-4877⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

11 months ago

UPDATED

9 months ago

ADVISORY IDCVE-2025-4877⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

9 days ago

UPDATED

2 days ago

ADVISORY IDALSA-2026:18683⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

11 months ago

UPDATED

5 months ago

ADVISORY IDCVE-2025-4877⁠

EXPLOITABILITY SCORE

1.0

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

(CWE-190|CWE-787)⁠

CVSS SCORE

4.5medium

Photon

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY ID

CVE-2025-4877

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.5medium