Untriaged
Permalink
CVE-2025-4878
3.6 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
Libssh: use of uninitialized variable in privatekey_from_file()
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.
References
- https://access.redhat.com/security/cve/CVE-2025-4878 x_refsource_REDHAT vdb-entry
- RHBZ#2376184 issue-tracking x_refsource_REDHAT
- RHBZ#2376184 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-4878 x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2025-4878 x_refsource_REDHAT vdb-entry
- RHBZ#2376184 issue-tracking x_refsource_REDHAT
- https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f…
- https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d4719477…
- https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f…
- https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d4719477…
- https://access.redhat.com/security/cve/CVE-2025-4878 x_refsource_REDHAT vdb-entry
- RHBZ#2376184 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-4878 x_refsource_REDHAT vdb-entry
- RHBZ#2376184 issue-tracking x_refsource_REDHAT
- https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f…
- https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d4719477…
- https://access.redhat.com/security/cve/CVE-2025-4878 x_refsource_REDHAT vdb-entry
- RHBZ#2376184 issue-tracking x_refsource_REDHAT
- https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f…
- https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d4719477…
- https://access.redhat.com/security/cve/CVE-2025-4878 x_refsource_REDHAT vdb-entry
- RHBZ#2376184 issue-tracking x_refsource_REDHAT
- https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f…
- https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d4719477…
Affected products
rhcos
libssh
- <0.11.2
libssh2
Matching in nixpkgs
pkgs.libssh2
Client-side C library implementing the SSH2 protocol
-
nixos-unstable -
- nixpkgs-unstable 1.11.1
pkgs.haskellPackages.libssh
libssh bindings
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.0
pkgs.python312Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.python313Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2
Test whether libssh2-1.11.1 exposes pkg-config modules libssh2
-
nixos-unstable -
- nixpkgs-unstable libssh2
Package maintainers
-
@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@geluk Johan Geluk <johan+nix@geluk.io>