CVE-2025-5351
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk39th percentile - higher than 39% of all known CVEs
Summary
A double-free vulnerability was found in the key export functionality of libssh. During error handling, a memory structure is freed but not cleared, potentially leading to a double free if another failure occurs. This could cause heap corruption or application instability in low-memory scenarios.
Risk Assessment
The risk for the organization includes potential heap corruption and instability in systems performing key export operations, which may lead to application crashes or data integrity issues.
Recommendation
It is recommended to immediately update libssh to a version containing the fix that eliminates the double-free issue in the key export function.
Original NVD description (English source)
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

