Lucene search
K

15 matches found

OSV
OSV
added 2026/05/22 4:34 p.m.9 views

CLSA-2026-1779467653 libssh: Fix of 4 CVEs

CVE-2025-4877: prevent base64 integer overflow and potential OOB write - CVE-2025-4878: initialize stack pointers to mitigate use of uninitialized values in legacy privatekeyfromfile path - CVE-2025-8277: fix DH-GEX packet filter and free unused ephemeral / ECDH keys to prevent memory exhaustion...

4.5CVSS5.9AI score0.00375EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 1:44 p.m.14 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.311 Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...

8.6CVSS7AI score0.02394EPSS
Exploits4Affected Software1
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.4 views

Astra Linux – Vulnerability in libssh

A vulnerability was discovered in libssh, where an uninitialized variable exists under certain conditions within the privatekeyfromfile function. This flaw can be exploited if the file specified by the filename does not exist, and it may lead to potential signing failures or heap corruption...

3.6CVSS6.2AI score0.00181EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/17 12:0 a.m.1 views

Unity Linux 20.1070e Security Update: libssh (UTSA-2025-991268)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991268 advisory. A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered i...

3.6CVSS7AI score0.00181EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/24 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libssh (UTSA-2025-990958)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990958 advisory. A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered i...

3.6CVSS7AI score0.00181EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/24 12:0 a.m.6 views

EulerOS 2.0 SP13 : libssh (EulerOS-SA-2025-2299)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw...

8.1CVSS6.3AI score0.02394EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/09/04 11:13 a.m.4 views

Libssh: use of uninitialized variable in privatekey_from_file()

...

3.6CVSS7AI score0.00181EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.7 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : libssh vulnerabilities (USN-7696-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7696-1 advisory. Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause...

8.1CVSS7.1AI score0.02394EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2025/08/14 6:35 a.m.7 views

USN-7696-1: libssh vulnerabilities

Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...

8.1CVSS7.2AI score0.02394EPSS
Exploits0
Cvelist
Cvelist
added 2025/07/22 2:17 p.m.16 views

CVE-2025-4878 Libssh: use of uninitialized variable in privatekey_from_file()

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

3.6CVSS0.00181EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/07/22 2:17 p.m.4 views

CVE-2025-4878

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

3.6CVSS6.6AI score0.00181EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.3 views

libssh 资源管理错误漏洞

libssh is a C development package from the libssh organization for accessing SSH services that can execute remote commands, file transfers, and also provide a secure transport channel for remote programs. A resource management error vulnerability exists in libssh that stems from the presence of...

3.6CVSS7.5AI score0.00181EPSS
Exploits0References3
OSV
OSV
added 2025/07/07 12:29 p.m.5 views

USN-7619-1 libssh vulnerabilities

Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...

8.8CVSS7AI score0.02394EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2025/07/04 4:2 p.m.3 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management bsc1245311. CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in...

7.6CVSS6.8AI score0.02394EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2025/06/24 11:25 p.m.4 views

SUSE CVE-2025-4878

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

3.6CVSS6.9AI score0.00181EPSS
Exploits0References11
Rows per page
Query Builder