UBUNTU-CVE-2025-5351

Details

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

Affected Packages

Ubuntu:24.10libssh

Affected versions:

0.10.6-2build20.10.6-30.10.6-3ubuntu1

Fixed in:

0.10.6-3ubuntu1.1

Ubuntu:24.04:LTSlibssh

Affected versions:

0.10.5-3ubuntu10.10.5-3ubuntu20.10.6-20.10.6-2build10.10.6-2build2

Fixed in:

0.10.6-2ubuntu0.1

Ubuntu:25.04libssh

Affected versions:

0.10.6-3ubuntu10.11.1-1

Fixed in:

0.11.1-1ubuntu0.1

References

REPORThttps://ubuntu.com/security/CVE-2025-5351 ADVISORYhttps://ubuntu.com/security/notices/USN-7619-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2025-5351 REPORThttps://www.libssh.org/security/advisories/CVE-2025-5351.txt

UBUNTU-CVE-2025-5351

Details

Affected Packages

References

CVSS Analysis

Upstream

Related

Ecosystems

Timeline