EUVD-2025-19935CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4Tags
Description
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
Analysis
A security vulnerability in A flaw (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Technical Context
Vulnerability type not specified by vendor. Affects A flaw.
Affected Products
['A flaw']
Remediation
Monitor vendor channels for patch availability.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| bionic | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| xenial | not-affected | code not present |
| noble | released | 0.10.6-2ubuntu0.1 |
| oracular | released | 0.10.6-3ubuntu1.1 |
| plucky | released | 0.11.1-1ubuntu0.1 |
| upstream | released | 0.11.2 |
Debian
Bug #1108407| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | not-affected | - | - |
| bullseye (security) | fixed | 0.9.8-0+deb11u2 | - |
| bookworm | fixed | 0.10.6-0+deb12u2 | - |
| bookworm (security) | vulnerable | 0.10.6-0+deb12u1 | - |
| trixie | fixed | 0.11.2-1+deb13u1 | - |
| forky | fixed | 0.11.3-1 | - |
| sid | fixed | 0.12.0-1 | - |
| (unstable) | fixed | 0.11.2-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today