Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-5351

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

Published

2025-07-04T09:15:37.100

Last Modified

2025-08-22T13:50:58.653

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

Weaknesses

Type: Primary
CWE-415

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libssh	libssh	< 0.11.2	Yes
Application	redhat	openshift_container_platform	4.0	Yes
Operating System	redhat	enterprise_linux	6.0	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	redhat	enterprise_linux	10.0	Yes

References

https://access.redhat.com/security/cve/CVE-2025-5351 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2369367 Issue Tracking, Third Party Advisory ([email protected])