HIGH🇬🇧 English

CVE-2025-5987

CVSS 8.1v3.1pub. 2025-07-07upd. 2026-06-30

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Libssh

    APP
    Libssh
    0.10.0 – 0.11.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-10933CRITICAL9.1ten sam produkt

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious c...

CVE-2025-14821HIGH7.8ten sam produkt

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of ...

CVE-2026-0966HIGH8.2ten sam produkt

A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when proces...

CVE-2025-5318HIGH8.1ten sam produkt

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in...

CVE-2019-14889HIGH8.8ten sam produkt

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When th...