CVE-2025-5351

CWE-415
8 documents, 8 sources

Severity: 6.5 MEDIUM
EPSS: 0.1% (top 69.83%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jul 4
Latest update: Jul 8

Description

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations ar

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5  libssh/libssh  0.10.0  0.11.2
NVD        libssh/libssh  0.10.0  0.11.2
Debian     libssh         < 0.10.6-0+deb12u2+2

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0, Openshift Container Platform 4.0

Vulnerability Details (3)

GHSA: GHSA-pfqf-mv4p-9j4r: A flaw was found in the key export functionality of libssh (2025-07-04)
OSV: CVE-2025-5351: A flaw was found in the key export functionality of libssh (2025-07-04)
CVEList: Libssh: double free vulnerability in libssh key export functions (2025-07-04)

Vendor Advisories (4)

Microsoft: Libssh: double free vulnerability in libssh key export functions (2025-07-08)
Ubuntu: libssh vulnerabilities (2025-07-07)
Red Hat: libssh: Double Free Vulnerability in libssh Key Export Functions (2025-06-24)
Debian: CVE-2025-5351: libssh - A flaw was found in the key export functionality of libssh. The issue occurs in ... (2025)