15 matches found
CLSA-2026-1779467653 libssh: Fix of 4 CVEs
CVE-2025-4877: prevent base64 integer overflow and potential OOB write - CVE-2025-4878: initialize stack pointers to mitigate use of uninitialized values in legacy privatekeyfromfile path - CVE-2025-8277: fix DH-GEX packet filter and free unused ephemeral / ECDH keys to prevent memory exhaustion...
Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.311 Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...
Astra Linux – Vulnerability in libssh
A vulnerability was discovered in libssh, where an uninitialized variable exists under certain conditions within the privatekeyfromfile function. This flaw can be exploited if the file specified by the filename does not exist, and it may lead to potential signing failures or heap corruption...
Unity Linux 20.1070e Security Update: libssh (UTSA-2025-991268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991268 advisory. A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered i...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libssh (UTSA-2025-990958)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990958 advisory. A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered i...
EulerOS 2.0 SP13 : libssh (EulerOS-SA-2025-2299)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw...
Libssh: use of uninitialized variable in privatekey_from_file()
...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : libssh vulnerabilities (USN-7696-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7696-1 advisory. Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause...
USN-7696-1: libssh vulnerabilities
Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...
CVE-2025-4878 Libssh: use of uninitialized variable in privatekey_from_file()
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...
libssh 资源管理错误漏洞
libssh is a C development package from the libssh organization for accessing SSH services that can execute remote commands, file transfers, and also provide a secure transport channel for remote programs. A resource management error vulnerability exists in libssh that stems from the presence of...
USN-7619-1 libssh vulnerabilities
Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management bsc1245311. CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in...
SUSE CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...