CVE-2025-4877
Public on 2025-06-27
Modified on 2025-06-27
Description
bin_to_base64() (src/base64.c) can experience an integer overflow and
subsequent under allocation, leading to a write beyond bounds. The bug can
occur only in 32-bit builds.
The only problematic use case is ssh_get_fingerprint_hash() in case the API is
(mis)used and a libssh consumer passes in an unexpectedly large input buffer.
As a mitigation, the function bin_to_base64() is adjusted to not allow inputs
larger than 256MB, which is aligned with other functions that process user
input.
subsequent under allocation, leading to a write beyond bounds. The bug can
occur only in 32-bit builds.
The only problematic use case is ssh_get_fingerprint_hash() in case the API is
(mis)used and a libssh consumer passes in an unexpectedly large input buffer.
As a mitigation, the function bin_to_base64() is adjusted to not allow inputs
larger than 256MB, which is aligned with other functions that process user
input.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | libssh | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.5 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
| NVD | CVSSv3 | 4.5 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |