rpm package: suse/libssh (distro: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS)
pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-4877 | Med | 4.5 | | < 0.9.8-150400.3.9.1 | 0.9.8-150400.3.9.1 | Aug 20, 2025 | A vulnerability in the libssh package: when a libssh consumer passes an unexpectedly large input buffer to the ssh_get_fingerprint_hash() function, the bin_to_base64() function can experience an integer overflow leading to a memory under-allocation, when |
| CVE-2025-4878 | Low | 3.6 | | < 0.9.8-150400.3.9.1 | 0.9.8-150400.3.9.1 | Jul 22, 2025 | A vulnerability in libssh where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. The flaw can be triggered if the file specified by the filename does not exist and may lead to signing failures or heap corruption |
| CVE-2025-5372 | Med | 5.0 | | < 0.9.8-150400.3.9.1 | 0.9.8-150400.3.9.1 | Jul 4, 2025 | A flaw in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values (OpenSSL uses 0 to indicate failure while libssh uses 0 for success), the fu |
| CVE-2025-5318 | — | — | | < 0.9.8-150400.3.9.1 | 0.9.8-150400.3.9.1 | Jun 24, 2025 | A flaw in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, w |
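The CVE-2025-5372 entry describes a return-value convention clash at the libssh/OpenSSL boundary: pre-3.0 OpenSSL KDF calls return 0 on failure and 1 on success, while libssh's internal code treats 0 (SSH_OK) as success. The example below is added here to show the bug class in isolation; it is not libssh's ssh_kdf() code. fake_openssl_kdf(), kdf_wrapper_vulnerable(), kdf_wrapper_fixed() and derive_and_check() are hypothetical names, and the "KDF" is a constructed stand-in that only mimics the OpenSSL 1.x status convention (it fails for outputs longer than 64 bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* libssh-style status codes (these two values are libssh's real convention). */
#define SSH_OK     0
#define SSH_ERROR (-1)

/* Constructed stand-in for an OpenSSL 1.x KDF: 1 = success, 0 = failure.
 * The derivation itself is a toy and must not be used as a real KDF. */
static int fake_openssl_kdf(const uint8_t *key, size_t keylen,
                            uint8_t *out, size_t outlen)
{
    if (key == NULL || keylen == 0 || out == NULL || outlen > 64) {
        return 0;                           /* OpenSSL convention: 0 = failure */
    }
    for (size_t i = 0; i < outlen; i++) {
        out[i] = (uint8_t)(key[i % keylen] ^ (uint8_t)i);
    }
    return 1;                               /* OpenSSL convention: 1 = success */
}

/* Vulnerable pattern: the OpenSSL status is passed straight through as if it
 * were an SSH_OK/SSH_ERROR code. A successful derivation (1) now looks like
 * an error, and a failed one (0) looks like SSH_OK. */
int kdf_wrapper_vulnerable(const uint8_t *key, size_t keylen,
                           uint8_t *out, size_t outlen)
{
    return fake_openssl_kdf(key, keylen, out, outlen);
}

/* Fixed pattern: translate conventions explicitly at the boundary and never
 * hand partial or uninitialised key material back to the caller. */
int kdf_wrapper_fixed(const uint8_t *key, size_t keylen,
                      uint8_t *out, size_t outlen)
{
    if (fake_openssl_kdf(key, keylen, out, outlen) != 1) {
        if (out != NULL) {
            memset(out, 0, outlen);
        }
        return SSH_ERROR;
    }
    return SSH_OK;
}

/* A caller written the libssh way: anything other than SSH_OK aborts key
 * setup. Returns 1 if the caller would go on to use `out` as key material,
 * 0 if it would abort. */
int derive_and_check(int (*wrapper)(const uint8_t *, size_t, uint8_t *, size_t),
                     const uint8_t *key, size_t keylen,
                     uint8_t *out, size_t outlen)
{
    return wrapper(key, keylen, out, outlen) == SSH_OK;
}
```

With the vulnerable wrapper the two outcomes are inverted: a working derivation aborts the handshake, and a failing one is accepted and the caller proceeds with whatever happens to be in the output buffer. The fix is mechanical, but it only works if every call site into the other library goes through one wrapper that owns the translation, which is why the description ties the bug to builds against a particular OpenSSL generation.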
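The CVE-2025-4877 entry describes an integer overflow in bin_to_base64() when computing how much output to allocate for a very large input, so that the buffer ends up smaller than what the encoder writes. The following is an added example of that bug class and its hardened form, not libssh's bin_to_base64(); b64_alloc_size_vulnerable(), b64_alloc_size_checked() and bin_to_base64_checked() are hypothetical names, and the 32-bit size computation in the vulnerable version is an illustration of the pattern, not a claim about libssh's exact arithmetic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern: the output size is computed in a 32-bit type, so for
 * inputs above roughly 1 GiB the multiplication wraps and the caller
 * allocates far less than the encoder will write. Unsigned arithmetic is
 * used here so the wrap is well-defined and observable; with a signed int the
 * same overflow would be undefined behaviour. */
unsigned int b64_alloc_size_vulnerable(unsigned int len)
{
    return len * 4u / 3u + 4u;
}

/* Hardened size computation: size_t arithmetic with explicit overflow checks.
 * Base64 needs ceil(len / 3) * 4 characters plus a terminating NUL. */
bool b64_alloc_size_checked(size_t len, size_t *out)
{
    if (len > SIZE_MAX - 2) {
        return false;                       /* len + 2 would wrap */
    }
    size_t groups = (len + 2) / 3;
    if (groups > (SIZE_MAX - 1) / 4) {
        return false;                       /* groups * 4 + 1 would wrap */
    }
    *out = groups * 4 + 1;
    return true;
}

/* Encoder that refuses to proceed rather than under-allocate. Returns a
 * malloc'd NUL-terminated string, or NULL on size overflow or allocation
 * failure; the caller frees it. */
char *bin_to_base64_checked(const uint8_t *in, size_t len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t need;
    if (!b64_alloc_size_checked(len, &need)) {
        return NULL;
    }
    char *out = malloc(need);
    if (out == NULL) {
        return NULL;
    }
    size_t o = 0;
    for (size_t i = 0; i < len; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < len) {
            v |= (uint32_t)in[i + 1] << 8;
        }
        if (i + 2 < len) {
            v |= (uint32_t)in[i + 2];
        }
        out[o++] = tbl[(v >> 18) & 0x3f];
        out[o++] = tbl[(v >> 12) & 0x3f];
        out[o++] = (i + 1 < len) ? tbl[(v >> 6) & 0x3f] : '=';
        out[o++] = (i + 2 < len) ? tbl[v & 0x3f] : '=';
    }
    out[o] = '\0';                          /* always within `need` bytes */
    return out;
}
```

The check to carry over to any length-to-allocation helper is the same: do the arithmetic in size_t, bound every intermediate against SIZE_MAX before multiplying or adding, and return an error rather than a wrapped value, since a wrapped value is what turns an oversized fingerprint request into a heap write past the buffer.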