CNNVD-202508-2444 Information

CNNVD ID

CNNVD-202508-2444

CVE-2025-4877

  • CNNVD Published: 2025-08-20

Description

libssh is a C library from the libssh project for accessing SSH services. It can execute remote commands, transfer files, and provide a secure transport channel for remote programs. libssh has a buffer error vulnerability caused by an integer overflow when handling large input buffers in 32-bit builds, which can lead to heap corruption.

Hazard Level

High

Vulnerability Type

Buffer error

Affected Vendor

libssh

Published

2025-08-20

Last Modified

2026-02-24

References

  • https://www.libssh.org/security/advisories/CVE-2025-4877.txt
  • https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d
  • https://bugzilla.redhat.com/show_bug.cgi?id=2376193
  • https://access.redhat.com/security/cve/CVE-2025-4877
  • https://nvd.nist.gov/vuln/detail/CVE-2025-4877

Patch

https://www.libssh.org/
