Memory Management Flaw in Libssh Affects System Reliability
CVE-2025-5351
4.2MEDIUM
What is CVE-2025-5351?
A vulnerability exists in the key export functionality of libssh, where an error in the internal handling of cryptographic keys can lead to improper memory management. During error conditions, a memory structure is freed without being cleared, risking a double free scenario if subsequent failures arise. This flaw can result in heap corruption, threatening the stability of applications that rely on key export operations, particularly in environments with limited memory resources.
References
CVSS V3.1
Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Ronald Crane for reporting this issue.