CVE-2025-5351

Summary

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

Affected Software

VendorProductVersion RangeStatus
libsshlibssh0.10.0 < 0.11.2affected
Red HatRed Hat Enterprise Linux 90:0.10.4-18.el9 < *unaffected
Red HatRed Hat Enterprise Linux 90:0.10.4-18.el9 < *unaffected

Weaknesses

  • CWE-415: Double Free

Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Administrators should apply vendor-supplied patches as soon as they become available.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References