{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-04T08:15:36.243","vulnerabilities":[{"cve":{"id":"CVE-2025-4877","sourceIdentifier":"secalert@redhat.com","published":"2025-08-20T13:15:28.890","lastModified":"2026-05-19T14:16:28.457","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption.\nThis issue affects only 32-bits builds of libssh."},{"lang":"es","value":"Existe una vulnerabilidad en el paquete libssh: cuando un consumidor de libssh pasa un búfer de entrada inesperadamente grande a la función ssh_get_fingerprint_hash(), la función bin_to_base64() puede experimentar un desbordamiento de enteros que provoca una asignación insuficiente de memoria. En este caso, es posible que el programa realice una escritura fuera de los límites, lo que provoca una corrupción del montón. Este problema solo afecta a las compilaciones de 32 bits de libssh."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":3.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:18683","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-4877","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376193","source":"secalert@redhat.com"},{"url":"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d","source":"secalert@redhat.com"},{"url":"https://www.libssh.org/security/advisories/CVE-2025-4877.txt","source":"secalert@redhat.com"}]}}]}