CVE-2025-5372

Summary

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.

Affected Software

VendorProductVersion RangeStatus
libsshlibssh0 < 0.11.2affected
Red HatRed Hat Enterprise Linux 80:0.9.6-16.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 80:0.9.6-16.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:0.9.4-2.el8_4.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:0.9.4-2.el8_4.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:0.9.6-4.el8_6.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On0:0.9.6-4.el8_6.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:0.9.6-13.el8_8.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:0.9.6-13.el8_8.2 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:0.9.6-3.el9_0.2 < *unaffected

Weaknesses

  • CWE-682: Incorrect Calculation

Workarounds

To mitigate this issue, administrators should ensure that libssh is built against OpenSSL version 3.0 or later. This change eliminates the return code mismatch and prevents the erroneous use of uninitialized key material. It is also strongly recommended to apply vendor supplied patches or update to the latest libssh security release as soon as possible.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References