Description

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, the resulting allocation error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the error code returned by OpenSSL aliases the SSH_OK code, so libssh does not properly detect the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

PUBLISHED Reserved 2025-06-10 | Published 2025-07-07 | Updated 2026-03-20 | Assigner redhat




HIGH: 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Return of Wrong Status Code

Product status

Default status
unaffected

0.10.0 (semver) before 0.11.2
affected

Default status
affected

0:0.11.1-5.el10_1 (rpm) before *
unaffected

Default status
affected

0:0.11.1-4.el10_0.1 (rpm) before *
unaffected

Default status
affected

0:0.10.4-17.el9_7 (rpm) before *
unaffected

Default status
affected

0:0.10.4-17.el9_7 (rpm) before *
unaffected

Default status
affected

0:0.10.4-9.el9_2.2 (rpm) before *
unaffected

Default status
affected

0:0.10.4-13.el9_4.2 (rpm) before *
unaffected

Default status
affected

0:0.10.4-15.el9_6.1 (rpm) before *
unaffected

Default status
affected

413.92.202602240113-0 (rpm) before *
unaffected

Default status
affected

414.92.202601191325-0 (rpm) before *
unaffected

Default status
affected

415.92.202601271320-0 (rpm) before *
unaffected

Default status
affected

416.94.202601160124-0 (rpm) before *
unaffected

Default status
affected

417.94.202601120213-0 (rpm) before *
unaffected

Default status
affected

418.94.202601202224-0 (rpm) before *
unaffected

Default status
affected

9.6.20260123-0 (rpm) before *
unaffected

Default status
affected

4.20.9.6.202601211057-0 (rpm) before *
unaffected

Default status
unknown

Default status
unknown

Default status
unaffected

Timeline

2025-07-03: Reported to Red Hat.
2025-04-26: Made public.

References

access.redhat.com/errata/RHSA-2025:23483 (RHSA-2025:23483) vendor-advisory

access.redhat.com/errata/RHSA-2025:23484 (RHSA-2025:23484) vendor-advisory

access.redhat.com/errata/RHSA-2026:0427 (RHSA-2026:0427) vendor-advisory

access.redhat.com/errata/RHSA-2026:0428 (RHSA-2026:0428) vendor-advisory

access.redhat.com/errata/RHSA-2026:0430 (RHSA-2026:0430) vendor-advisory

access.redhat.com/errata/RHSA-2026:0431 (RHSA-2026:0431) vendor-advisory

access.redhat.com/errata/RHSA-2026:0702 (RHSA-2026:0702) vendor-advisory

access.redhat.com/errata/RHSA-2026:0978 (RHSA-2026:0978) vendor-advisory

access.redhat.com/errata/RHSA-2026:0980 (RHSA-2026:0980) vendor-advisory

access.redhat.com/errata/RHSA-2026:0985 (RHSA-2026:0985) vendor-advisory

access.redhat.com/errata/RHSA-2026:0996 (RHSA-2026:0996) vendor-advisory

access.redhat.com/errata/RHSA-2026:1539 (RHSA-2026:1539) vendor-advisory

access.redhat.com/errata/RHSA-2026:1541 (RHSA-2026:1541) vendor-advisory

access.redhat.com/errata/RHSA-2026:3415 (RHSA-2026:3415) vendor-advisory

access.redhat.com/security/cve/CVE-2025-5987 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2376219 (RHBZ#2376219) issue-tracking

www.libssh.org/security/advisories/CVE-2025-5987.txt

cve.org (CVE-2025-5987)

nvd.nist.gov (CVE-2025-5987)