CVE-2025-5351

Medium CVSS: 6.5

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

Vendor

Libssh

Product

Libssh

CWE

CWE-415

Yayın Tarihi

2025-07-04 09:15:37

Güncelleme

2026-01-08 04:15:54

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-415 Libssh MEDIUM Libssh 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367

Benzer Kayıtlar

Critical

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a m…

Low

CVE-2026-0965

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker c…

Medium

CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could cra…

Medium

CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sft…

Medium

CVE-2025-5449

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length…

Medium

CVE-2025-8114

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key e…