Fluid Attacks Database

Description

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libssh	=0.10.5-2 \|\| =0.10.5-3 \|\| =0.10.5-3+hurd.1 \|\| =0.10.6-0+deb12u1 \|\| >=0 <0.10.6-0+deb12u2	0.10.6-0+deb12u2
debian 13	libssh	>=0 <0.11.2-1	0.11.2-1
debian 14	libssh	>=0 <0.11.2-1	0.11.2-1
rpm rhel9	libssh	<0:0.10.4-18.el9	0:0.10.4-18.el9
rpm rhel7	libssh2	-	-
rpm rhel10	libssh	-	-
rpm rhel8	libssh	-	-
rpm rhel6	libssh2	-	-

Aliases

1. CVE-2025-53512. NVD-2025-53513. OSV-DEBIAN-2025-53514. OSV-2025-53515. SECURITY-TRACKER-CVE-2025-5351

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.