AZL-65646

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65646.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-65646

Upstream

CVE-2025-4878

Published

2025-07-22T15:15:36Z

Modified

2026-04-21T04:37:39.076583Z

Summary

CVE-2025-4878 affecting package libssh for versions less than 0.10.6-3

Details

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4878

Affected packages

Azure Linux:3 / libssh

Package

Name: libssh
Purl: pkg:rpm/azure-linux/libssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.6-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65646.json"