CVE-2025-5351
published 2025-07-04CVE-2025-5351: A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libssh | < libssh 0.10.6-0+deb12u2 (bookworm) | libssh 0.10.6-0+deb12u2 (bookworm) |
| libssh | libssh | >= 0 < 0.10.6-0+deb12u2 | 0.10.6-0+deb12u2 |
| libssh | libssh | >= 0 < 0.11.2-1 | 0.11.2-1 |
| libssh | libssh | >= 0 < 0.11.2-1 | 0.11.2-1 |
| libssh | libssh | >= 0 < 0.9.6-2ubuntu0.22.04.4 | 0.9.6-2ubuntu0.22.04.4 |
| libssh | libssh | >= 0 < 0.10.6-2ubuntu0.1 | 0.10.6-2ubuntu0.1 |
| libssh | libssh | >= 0.10.0 < 0.11.2 | 0.11.2 |
| msrc | azl3_libssh_0.10.6-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_libssh_0.10.6-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libssh_0.10.6-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libssh_0.10.6-2_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | openshift_container_platform | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv6.5MEDIUM