CVE-2025-5351

Libssh: double free vulnerability in libssh key export functions

Published: 7/4/2025 Last updated: 5/19/2026 Reserved: 5/30/2025

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.5	Medium	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (1)

libssh

Products affected (16)

Product	Vendor	Version
libssh	libssh	Windows 10 Version 1709 for ARM64-based Systems
Red Hat Enterprise Linux 9	Red Hat	version 15.9
Red Hat Enterprise Linux 9	Red Hat	Windows Server 2012
Red Hat Enterprise Linux 10	Red Hat	Windows Server 2012 (Server Core installation)
Red Hat Enterprise Linux 8	Red Hat	Windows Server 2012 R2
libssh	libssh	12.2.0
Red Hat Enterprise Linux 9	Red Hat	12.3.0
Red Hat Enterprise Linux 9	Red Hat	12.4.0
Red Hat Enterprise Linux 10	Red Hat	14.0.0
Red Hat Enterprise Linux 8	Red Hat	8.0
Red Hat Enterprise Linux 6	Red Hat	Windows 8.1 for 32-bit systems
Red Hat Enterprise Linux 7	Red Hat	Windows 8.1 for x64-based systems
Red Hat Enterprise Linux 7	Red Hat	7.0
Red Hat Enterprise Linux 6	Red Hat	14.1.0
Red Hat OpenShift Container Platform 4	Red Hat	Windows Server 2012 R2 (Server Core installation)
Red Hat OpenShift Container Platform 4	Red Hat	8.5

References (6)

Credits (2)

Red Hat would like to thank Ronald Crane for reporting this issue.
Red Hat would like to thank Ronald Crane for reporting this issue.