
CVE-2025-5372

Libssh: incorrect return code handling in ssh_kdf() in libssh

Published: 7/4/2025 Last updated: 6/8/2026 Reserved: 5/30/2025

A flaw was found in libssh builds that link OpenSSL versions older than 3.0, in the ssh_kdf() function responsible for key derivation. The two libraries use opposite return-code conventions: OpenSSL returns 0 to indicate failure, while libssh uses 0 (SSH_OK) for success. Because the OpenSSL result was interpreted as a libssh status, ssh_kdf() could report success even when key derivation had failed. Subsequent communication would then use uninitialized cryptographic key buffers, potentially compromising the confidentiality, integrity, and availability of SSH sessions.
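The mismatch described above, as an added example that is not libssh's or OpenSSL's own code: openssl_style_derive() is a hypothetical stand-in that keeps OpenSSL's 1-on-success / 0-on-failure convention (so the file builds without libcrypto), ssh_kdf_vulnerable() and ssh_kdf_fixed() show the two wrapper patterns, and setup_session_key() models a libssh-style caller that treats any non-negative status as success and then uses the key buffer. All function names, the toy mixing loop and the 0xAA fill are assumptions made for illustration; only SSH_OK and SSH_ERROR are libssh's real values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* libssh's status convention: 0 is success, negative is failure. */
#define SSH_OK     0
#define SSH_ERROR -1

typedef int (*kdf_fn)(const uint8_t *secret, size_t secret_len,
                      uint8_t key_type, uint8_t *out, size_t out_len);

/*
 * Hypothetical stand-in for an OpenSSL 1.x primitive. It keeps OpenSSL's
 * convention: 1 on success, 0 on failure. The mixing loop is a toy and is
 * not the SSH KDF of RFC 4253 section 7.2.
 */
static int openssl_style_derive(const uint8_t *secret, size_t secret_len,
                                uint8_t key_type, uint8_t *out, size_t out_len)
{
    uint32_t state = 0x9e3779b9u ^ key_type;

    if (secret == NULL || secret_len == 0 || out == NULL || out_len == 0) {
        return 0;                                   /* OpenSSL: failure */
    }
    for (size_t i = 0; i < out_len; i++) {
        state = state * 1664525u + 1013904223u + secret[i % secret_len];
        out[i] = (uint8_t)(state >> 24);
    }
    return 1;                                       /* OpenSSL: success */
}

/* Vulnerable pattern: the OpenSSL result is handed back unchanged, so a
 * failed derivation (0) is indistinguishable from SSH_OK (0). */
int ssh_kdf_vulnerable(const uint8_t *secret, size_t secret_len,
                       uint8_t key_type, uint8_t *out, size_t out_len)
{
    return openssl_style_derive(secret, secret_len, key_type, out, out_len);
}

/* Fixed pattern: translate the convention once, at the library boundary. */
int ssh_kdf_fixed(const uint8_t *secret, size_t secret_len,
                  uint8_t key_type, uint8_t *out, size_t out_len)
{
    int rc = openssl_style_derive(secret, secret_len, key_type, out, out_len);
    return (rc == 1) ? SSH_OK : SSH_ERROR;
}

/* Caller modelled on a libssh-style key setup: anything non-negative is
 * taken as success and `key` is used from then on. The buffer is pre-filled
 * with 0xAA so an untouched key is visible below; real code would leave it
 * uninitialized. Returns the status the caller acts upon. */
int setup_session_key(kdf_fn kdf, const uint8_t *secret, size_t secret_len,
                      uint8_t *key, size_t key_len)
{
    memset(key, 0xAA, key_len);
    int rc = kdf(secret, secret_len, 'A', key, key_len);
    if (rc < 0) {
        return SSH_ERROR;   /* key is never used */
    }
    return SSH_OK;          /* key now protects the session */
}

/* 1 if the vulnerable wrapper lets a failed derivation through with the
 * key buffer never written, else 0. */
int vulnerable_accepts_failed_kdf(void)
{
    uint8_t key[16];
    int rc = setup_session_key(ssh_kdf_vulnerable, NULL, 0, key, sizeof key);
    return rc == SSH_OK && key[0] == 0xAA;
}

/* 1 if the fixed wrapper makes the caller abort on the same failure. */
int fixed_rejects_failed_kdf(void)
{
    uint8_t key[16];
    return setup_session_key(ssh_kdf_fixed, NULL, 0, key, sizeof key) == SSH_ERROR;
}

/* 1 if both wrappers derive the same key from a valid (constructed) secret,
 * i.e. the fix changes only the failure path. */
int both_agree_on_valid_secret(void)
{
    static const uint8_t secret[] = "constructed shared secret K";
    uint8_t a[16], b[16];
    int ra = setup_session_key(ssh_kdf_vulnerable, secret, sizeof secret - 1, a, sizeof a);
    int rb = setup_session_key(ssh_kdf_fixed, secret, sizeof secret - 1, b, sizeof b);
    return ra == SSH_OK && rb == SSH_OK && memcmp(a, b, sizeof a) == 0;
}
```

The point to carry over to real code is the mapping in ssh_kdf_fixed(): a wrapper that crosses from OpenSSL's 1/0 convention into libssh's 0/-1 convention must compare against 1 explicitly and never return the primitive's result as-is, because the `rc < 0` checks on the libssh side will otherwise treat OpenSSL's failure value as success.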

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version  Score  Severity  Vector String
3.1      5.0    Medium    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Opam packages affected (1)

libssh

Products affected (12)

Product                                                               Vendor   Version
libssh                                                                libssh   n/a
Red Hat Enterprise Linux 6                                            Red Hat  n/a
Red Hat Enterprise Linux 7                                            Red Hat  n/a
Red Hat Enterprise Linux 8                                            Red Hat  n/a
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat  n/a
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat  n/a
Red Hat Enterprise Linux 8.8 Telecommunications Update Service        Red Hat  n/a
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions        Red Hat  n/a
Red Hat Enterprise Linux 9                                            Red Hat  n/a
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions        Red Hat  n/a
Red Hat Enterprise Linux 10                                           Red Hat  n/a
Red Hat OpenShift Container Platform 4                                Red Hat  n/a

References (12)