Memory Management Flaw in Libssh Affects System Reliability
CVE-2025-5351

4.2MEDIUM

What is CVE-2025-5351?

A vulnerability exists in the key export functionality of libssh, where an error in the internal handling of cryptographic keys can lead to improper memory management. During error conditions, a memory structure is freed without being cleared, risking a double free scenario if subsequent failures arise. This flaw can result in heap corruption, threatening the stability of applications that rely on key export operations, particularly in environments with limited memory resources.

References

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Ronald Crane for reporting this issue.
.
CVE-2025-5351 : Memory Management Flaw in Libssh Affects System Reliability