22 matches found

AstraLinux
added 2026/06/24 3:11 p.m. | 8 views

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh. The API function ssh_get_hexa() is vulnerable to a denial-of-service attack when processing zero-length inputs. This vulnerability can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication, if the...

8.2 CVSS | 6.5 AI score | 0.00582 EPSS
Exploits 0 | References 3
RedHat Linux
added 2026/05/19 1:16 p.m. | 9 views

libssh: Write beyond bounds in binary to base64 conversion functions

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5 CVSS | 7.1 AI score | 0.00178 EPSS
Exploits 0 | References 6
EUVD
added 2026/03/26 9:31 p.m. | 8 views

EUVD-2026-16330

The API function ssh_get_hexa() is vulnerable, when 0-length input is provided to this function. This function is used internally in ssh_get_fingerprint_hash() and ssh_print_hexa() (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used...

6.5 CVSS | 5.9 AI score | 0.00582 EPSS
Exploits 0 | References 3
NVD
added 2026/03/26 9:17 p.m. | 4 views

CVE-2026-0966

A flaw was found in libssh. The API function ssh_get_hexa() is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is se...

8.2 CVSS | 0.00582 EPSS
Exploits 0 | References 6
ATTACKERKB
added 2026/03/26 8:06 p.m. | 3 views

CVE-2026-0966

A flaw was found in libssh. The API function ssh_get_hexa() is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is se...

8.2 CVSS | 6.3 AI score | 0.00582 EPSS
Exploits 0 | References 7
CVE
added 2026/03/26 8:06 p.m. | 44 views

CVE-2026-0966

CVE-2026-0966 affects the libssh library with a buffer underflow in ssh_get_hexa() on invalid input. The issue occurs because ssh_get_hexa() is used by ssh_get_fingerprint_hash() and the deprecated ssh_print_hexa(), and also in gssapi logging. Remote triggering is possible when GSSAPI authenticat...

8.2 CVSS | 6.3 AI score | 0.00582 EPSS
Exploits 0 | References 6 | Affected Software 4
OSV
added 2026/02/13 12:00 a.m. | 4 views

UBUNTU-CVE-2026-0966

A flaw was found in libssh. The API function ssh_get_hexa() is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is se...

8.2 CVSS | 6.3 AI score | 0.00582 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2025/11/21 12:00 a.m. | 3 views

EulerOS 2.0 SP13 : libssh (EulerOS-SA-2025-2437)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash()...

8.8 CVSS | 5.8 AI score | 0.00407 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-28257

Malicious code in bioql PyPI...

4.5 CVSS | 6.2 AI score | 0.00178 EPSS
Exploits 0 | References 4
Redos
added 2025/09/24 12:00 a.m. | 7 views

ROS-20250924-09

The sftp_decode_channel_data_to_packet() function of the libssh library has a vulnerability related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in libssh library's ssh_get_fingerprint_hash() function is...

8.8 CVSS | 8.1 AI score | 0.0144 EPSS
Exploits 0
OSV
added 2025/08/20 1:15 p.m. | 7 views

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5 CVSS | 7.6 AI score | 0.00178 EPSS
Exploits 0 | References 4
OSV
added 2025/08/20 1:15 p.m. | 4 views

DEBIAN-CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5 CVSS | 7.8 AI score | 0.00178 EPSS
Exploits 0 | References 1
NVD
added 2025/08/20 1:15 p.m. | 6 views

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5 CVSS | 0.00178 EPSS
Exploits 0 | References 5
AlpineLinux
added 2025/08/20 12:19 p.m. | 5 views

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5 CVSS | 6.7 AI score | 0.00178 EPSS
Exploits 0
Debian CVE
added 2025/08/20 12:19 p.m. | 13 views

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5 CVSS | 7.8 AI score | 0.00178 EPSS
Exploits 0
Cvelist
added 2025/08/20 12:19 p.m. | 15 views

CVE-2025-4877 Libssh: write beyond bounds in binary to base64 conversion functions

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5 CVSS | 0.00178 EPSS
Exploits 0 | References 5
ATTACKERKB
added 2025/08/20 12:19 p.m. | 4 views

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5 CVSS | 7.1 AI score | 0.00178 EPSS
Exploits 0 | References 6
Vulnrichment
added 2025/08/20 12:19 p.m. | 4 views

CVE-2025-4877 Libssh: write beyond bounds in binary to base64 conversion functions

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5 CVSS | 7.7 AI score | 0.00178 EPSS
Exploits 0 | References 5
CVE
added 2025/08/20 12:19 p.m. | 71 views

CVE-2025-4877

CVE-2025-4877 is present in libssh and affects 32-bit builds. The vulnerability arises when a consumer passes an unexpectedly large input buffer to ssh_get_fingerprint_hash(), causing bin_to_base64() to overflow an integer, which can lead to memory under-allocation and an out-of-bounds write resu...

4.5 CVSS | 7.4 AI score | 0.00178 EPSS
Exploits 0 | References 5
BDU FSTEC
added 2025/06/27 12:00 a.m. | 9 views

The vulnerability of the ssh_get_fingerprint_hash() function in the libssh library allows a hacker to execute arbitrary code.

The vulnerability of the ssh_get_fingerprint_hash() function in the libssh library is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

4.5 CVSS | 7.1 AI score | 0.00178 EPSS
Exploits 0 | References 9 | Affected Software 10