CNNVD-202507-2883 Information

CNNVD ID

CNNVD-202507-2883

CVE-2025-4878

  • CNNVD Published: 2025-07-22

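Description (translated from Chinese)

libssh is a C development package from the libssh organization for accessing SSH services. It can execute remote commands and transfer files, and it provides a secure transport channel for remote programs. libssh has a resource management error vulnerability, which stems from an uninitialized variable in the privatekey_from_file function under certain conditions and may lead to signing failure or heap corruption.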

Description (English)

libssh is a C library, maintained by the libssh project, for accessing SSH services. It can execute remote commands, transfer files, and provide a secure transport channel for remote programs. libssh contains a resource management error vulnerability: under certain conditions the privatekey_from_file function uses an uninitialized variable, which may lead to signing failure or heap corruption.

Hazard Level

Critical

Vulnerability Type

Resource management error

Affected Vendor

libssh

Published

2025-07-22

Last Modified

2026-02-24

References

  • https://access.redhat.com/security/cve/CVE-2025-4878
  • https://bugzilla.redhat.com/show_bug.cgi?id=2376184
  • https://nvd.nist.gov/vuln/detail/CVE-2025-4878
