← Zuruck zu CVEs

CVE-2025-4878

LOW

3.6

Beschreibung

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.

CVE Details

CVSS v3.1 Bewertung3.6

SchweregradLOW

CVSS VektorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

AngriffsvektorLOCAL

KomplexitatHIGH

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht7/22/2025

Zuletzt geandert7/29/2025

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-416

Referenzen

https://access.redhat.com/security/cve/CVE-2025-4878(secalert@redhat.com)

https://bugzilla.redhat.com/show_bug.cgi?id=2376184(secalert@redhat.com)

https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1(secalert@redhat.com)

https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb(secalert@redhat.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.