{}

{}

{}

{"bugzilla": {"description": "libssh: Write beyond bounds in binary to base64 conversion functions", "id": "2376193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376193"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "(CWE-190|CWE-787)", "details": ["No description is available for this CVE."], "name": "CVE-2025-4877", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4877\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4877"], "statement": "Red Hat Product Security classified this vulnerability as having a Moderate severity. This happens because of the complexity of the attack, the possible misusage of the libssh API and the fact the attacker may not have full control over the positions and contents written into the heap.\nNo supported Red Hat products are affected by this issue since only 32-bit builds are vulnerable.", "threat_severity": "Moderate"}