Bug 2376193 (CVE-2025-4877) - CVE-2025-4877 libssh: Write beyond bounds in binary to base64 conversion functions
Summary: CVE-2025-4877 libssh: Write beyond bounds in binary to base64 conversion func...
Keywords:
Status: NEW
Alias: CVE-2025-4877
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-07-03 19:28 UTC by OSIDB Bzimport
Modified: 2025-08-20 12:17 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-07-03 19:28:37 UTC
bin_to_base64() (src/base64.c) can experience an integer overflow and subsequent under allocation, leading to a write beyond bounds. The bug can occur only in 32-bit builds. The only problematic use case is ssh_get_fingerprint_hash() in case the API is (mis)used and a libssh consumer passes in an unexpectedly large input buffer. As a mitigation, the function bin_to_base64() is adjusted to not allow inputs larger than 256MB, which is aligned with other functions that process user input.
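
Added example, not libssh's code and not part of the original report: the kind of 32-bit size wraparound the description refers to, next to a length check using the 256MB limit it names. The function names, the B64_MAX_INPUT macro and the 4-bytes-per-3 size formula are assumptions made for illustration; uint32_t stands in for a 32-bit size_t.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed cap, taken from the 256MB limit named in the description. */
#define B64_MAX_INPUT (256u * 1024u * 1024u)

/* Encoded size (4 output bytes per 3 input bytes, plus NUL) computed in
 * 32-bit arithmetic, as a 32-bit size_t would. Wraps for large len. */
static uint32_t b64_size_unchecked32(uint32_t len)
{
    return ((len + 2u) / 3u) * 4u + 1u;
}

/* Same formula in 64-bit arithmetic: the size the encoder really writes. */
static uint64_t b64_size_exact64(uint64_t len)
{
    return ((len + 2u) / 3u) * 4u + 1u;
}

/* Hardened form: reject oversized input before any size arithmetic.
 * Returns 0 and stores the buffer size in *out, or -1 if len is too large. */
static int b64_size_checked(size_t len, size_t *out)
{
    if (len > B64_MAX_INPUT) {
        return -1;
    }
    *out = ((len + 2) / 3) * 4 + 1;   /* cannot wrap below the cap */
    return 0;
}

int main(void)
{
    uint32_t big = 0xC0000000u;       /* constructed sample length (3 GiB) */
    size_t need = 0;

    printf("32-bit alloc size: %u\n", (unsigned)b64_size_unchecked32(big));
    printf("bytes written:     %llu\n",
           (unsigned long long)b64_size_exact64(big));
    printf("checked result:    %d\n", b64_size_checked(big, &need));
    return 0;
}
```

With the cap in place, the largest accepted input needs a buffer of about 341 MiB, which still fits in a 32-bit size_t.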

