1815 matches found
SUSE CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success-the function may mistakenl...
Linux Distros Unpatched Vulnerability : CVE-2025-5318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function due to an incorrect...
Linux Distros Unpatched Vulnerability : CVE-2025-5987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected...
CVE-2025-4877
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...
DEBIAN-CVE-2025-4877
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...
CVE-2025-4877
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...
CVE-2025-4877
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...
CVE-2025-4877 Libssh: write beyond bounds in binary to base64 conversion functions
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...
CVE-2025-4877
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...
CVE-2025-4877
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...
CVE-2025-4877
CVE-2025-4877 is present in libssh and affects 32-bit builds. The vulnerability arises when a consumer passes an unexpectedly large input buffer to ssh_get_fingerprint_hash(), causing bin_to_base64() to overflow an integer, which can lead to memory under-allocation and an out-of-bounds write resu...
CVE-2025-4877 Libssh: write beyond bounds in binary to base64 conversion functions
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...
Critical Photon OS Security Update - PHSA-2025-4.0-0856
Updates of 'libssh', 'docker' packages of Photon OS have been released...
Ubuntu: Security Advisory (USN-7696-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libssh 缓冲区错误漏洞
libssh is a C development package from the libssh organization for accessing SSH services, which are capable of executing remote commands, file transfers, as well as providing a secure transport channel for remote programs. A buffer error vulnerability exists in libssh that stems from an integer...
Linux Distros Unpatched Vulnerability : CVE-2025-5372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to...
SUSE-SU-2025:20596-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2025-5372: sshkdf returns a success code on certain failures bsc1245314 - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...
SUSE-SU-2025:20557-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2025-5372: sshkdf returns a success code on certain failures bsc1245314 - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-5372: sshkdf returns a success code on certain failures bsc1245314 CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...
USN-7696-1: libssh vulnerabilities
Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...