← Voltar para CVEs

CVE-2025-4878

LOW

3.6

Descricao

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.

Detalhes CVE

Pontuacao CVSS v3.13.6

SeveridadeLOW

Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Vetor de ataqueLOCAL

ComplexidadeHIGH

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado7/22/2025

Ultima modificacao7/29/2025

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-416

Referencias

https://access.redhat.com/security/cve/CVE-2025-4878(secalert@redhat.com)

https://bugzilla.redhat.com/show_bug.cgi?id=2376184(secalert@redhat.com)

https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1(secalert@redhat.com)

https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb(secalert@redhat.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.