Home

Description

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

PUBLISHED Reserved 2025-05-30 | Published 2025-07-04 | Updated 2026-05-19 | Assigner redhat




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

Double Free

Product status

Default status
unaffected

0.10.0 (semver) before 0.11.2
affected

Default status
affected

0:0.10.4-18.el9 (rpm) before *
unaffected

Default status
affected

0:0.10.4-18.el9 (rpm) before *
unaffected

Default status
affected

Default status
unknown

Default status
unknown

Default status
affected

Default status
affected

Timeline

2025-05-30:Reported to Red Hat.
2025-06-24:Made public.

Credits

Red Hat would like to thank Ronald Crane for reporting this issue.

References

access.redhat.com/errata/RHSA-2026:18683 (RHSA-2026:18683) vendor-advisory

access.redhat.com/security/cve/CVE-2025-5351 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2369367 (RHBZ#2369367) issue-tracking

cve.org (CVE-2025-5351)

nvd.nist.gov (CVE-2025-5351)

Download JSON