CVE-2025-5351
BaseFortify

Publication date: 2025-07-04

Last updated on: 2025-08-22

Assigner: Red Hat, Inc.

Description
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
Meta Information
Published: 2025-07-04
Last Modified: 2025-08-22
Generated: 2026-05-07
AI Q&A: 2025-07-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 7 associated CPEs
Vendor | Product | Version / Range
redhat | enterprise_linux | 8.0
libssh | libssh | From 0.10.0 (inc) to 0.11.2 (inc)
redhat | openshift_container_platform | 4.0
redhat | enterprise_linux | 6.0
redhat | enterprise_linux | 7.0
redhat | enterprise_linux | 9.0
redhat | enterprise_linux | 10.0
CWE ID | Description
CWE-415 | The product calls free() twice on the same memory address.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a double free flaw in the libssh library's key export functionality, specifically in the pki_key_to_blob() function. When libssh is built with OpenSSL 3.0 or later, during error handling, a memory structure called "params" is freed but not cleared. If another error occurs afterward, the same memory is freed again, leading to undefined behavior such as process crashes or heap corruption. [1]
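The free-without-clear pattern described above, modelled in C as an added example (not libssh's code and not taken from the fix). The names `export_key`, `release`, `finish` and `struct params` are hypothetical, and `release` records a repeated free of the same address instead of performing it, so the program stays well-defined.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the "params" structure named in the text. */
struct params { unsigned char data[64]; };

/* Bookkeeping so the demo never performs a real second free(). */
struct tracker { void *freed; int double_frees; };

/* Models free(): records the address and counts a repeat release of it. */
static void release(struct tracker *t, void *p) {
    if (p == NULL) return;                  /* like free(NULL): no-op */
    if (p == t->freed) { t->double_frees++; return; }   /* CWE-415 */
    t->freed = p;                           /* real free() deferred to finish() */
}

/* Performs the single real free() and reports how many repeats were seen. */
static int finish(struct tracker *t) {
    free(t->freed);
    return t->double_frees;
}

/* Returns the number of double frees observed, or -1 if malloc fails.
 * clear_after_free = 0 models the flawed handler, 1 the corrected one. */
static int export_key(int clear_after_free, int first_fails, int later_fails) {
    struct tracker t = { NULL, 0 };
    struct params *params = malloc(sizeof *params);
    if (params == NULL) return -1;

    if (first_fails) {
        release(&t, params);                  /* error handling frees params */
        if (clear_after_free) params = NULL;  /* fix: drop the stale pointer */
        if (!later_fails) return finish(&t);  /* only one failure: clean exit */
        /* an additional failure falls through to the common cleanup */
    }
    release(&t, params);                      /* common cleanup path */
    return finish(&t);
}

int main(void) {
    printf("flawed, two failures:  %d double free(s)\n", export_key(0, 1, 1));
    printf("cleared, two failures: %d double free(s)\n", export_key(1, 1, 1));
    printf("flawed, one failure:   %d double free(s)\n", export_key(0, 1, 0));
    return 0;
}
```

Only the combination of the flawed handler and a second failure reaches the repeated release, which matches the low-memory precondition in the description.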


How can this vulnerability impact me?

This vulnerability can cause application instability or crashes when exporting SSH key material using libssh, especially under low-memory conditions. Exploiting this flaw requires authenticated access and specific memory failure conditions. The impact is medium severity and mainly affects system reliability where key export operations are performed. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves verifying if your system is running libssh versions 0.10.0 or above compiled with OpenSSL 3.0 or newer. You can check the installed libssh version by querying your package manager (e.g., 'dpkg -l | grep libssh' on Debian-based systems or 'rpm -qa | grep libssh' on Red Hat-based systems). Note that 'ssh -V' reports the OpenSSH version, not the libssh version, so it does not identify affected libssh installations. Additionally, monitoring application logs for crashes or instability during key export operations may indicate exploitation attempts. There are no specific network detection commands provided for this vulnerability. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating libssh to a version where this vulnerability is fixed, especially ensuring it is built against a patched OpenSSL version. If an update is not immediately possible, restrict authenticated access to services using libssh key export functionality to trusted users only, and monitor for unusual application crashes or instability. Avoid performing key export operations in low-memory conditions until patched. [1]

