Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2025-4878

Published: June 28, 2025Last modified: July 4, 2025

Description

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.

Severity score breakdown

ParameterValue
Base score3.6
Attack VectorLOCAL
Attack complexityHIGH
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityLOW
Integrity impactLOW
Availability impactNONE
VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlibsshFixed (0.11.2-r0)
StreamlibsshFixed (0.11.2-r0)

References

ON THIS PAGE