VYPR

rpm package

suse/libssh&distro=SUSE Linux Enterprise Server 12 SP5-LTSS

pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Vulnerabilities (4)

  • CVE-2025-4877 | Med | Aug 20, 2025
    affected < 0.9.8-3.15.1, fixed 0.9.8-3.15.1

    There's a vulnerability in the libssh package that occurs when a libssh consumer passes an unexpectedly large input buffer to the ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under-allocation, when

  • CVE-2025-4878 | Low | Jul 22, 2025
    affected < 0.9.8-3.15.1, fixed 0.9.8-3.15.1

    A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption

  • CVE-2025-5372 | Med | Jul 4, 2025
    affected < 0.9.8-3.15.1, fixed 0.9.8-3.15.1

    A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the fu

  • CVE-2025-5318 | Jun 24, 2025
    affected < 0.9.8-3.15.1, fixed 0.9.8-3.15.1

    A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, w