CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Description
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Because the two libraries interpret return values differently (OpenSSL uses 0 to indicate failure, while libssh uses 0 for success), the function may mistakenly report success even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising the confidentiality, integrity, and availability of SSH sessions.
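The return-value mismatch described above, as a constructed C illustration added here (not libssh's or OpenSSL's code; the KDF stub, the `force_fail` switch and the session helper are assumptions): the vulnerable wrapper forwards OpenSSL's 1/0 result unchanged, the fixed one maps it onto libssh's SSH_OK/SSH_ERROR, and a caller that only treats negative results as errors shows why the failure path ends up using a key buffer that was never written.

```c
#include <stddef.h>
#include <string.h>

/* libssh-style return codes (same values libssh uses for SSH_OK / SSH_ERROR). */
#define SSH_OK     0
#define SSH_ERROR -1
#define KEY_LEN   32

/* Constructed stand-in for an OpenSSL-convention KDF call: 1 = success,
 * 0 = failure. `force_fail` simulates the derivation failing. */
static int openssl_style_kdf(unsigned char *out, size_t outlen, int force_fail)
{
    if (force_fail) {
        return 0;               /* OpenSSL: 0 means failure; `out` is left untouched */
    }
    memset(out, 0x5A, outlen);  /* stand-in for real derived key bytes */
    return 1;                   /* OpenSSL: 1 means success */
}

/* Vulnerable pattern: the OpenSSL-convention result is forwarded unchanged,
 * so an OpenSSL failure (0) reaches the caller looking like SSH_OK (0). */
int ssh_kdf_vulnerable(unsigned char *key, size_t keylen, int force_fail)
{
    return openssl_style_kdf(key, keylen, force_fail);  /* BUG: no translation */
}

/* Fixed pattern: translate explicitly between the two conventions. */
int ssh_kdf_fixed(unsigned char *key, size_t keylen, int force_fail)
{
    int rc = openssl_style_kdf(key, keylen, force_fail);
    return (rc == 1) ? SSH_OK : SSH_ERROR;
}

/* Caller in the libssh convention: only a negative result is an error.
 * Returns 1 if the session went on to use a key buffer the KDF never
 * wrote, 0 otherwise. A sentinel fill stands in for stale stack contents
 * so the check itself stays well defined. */
int session_used_uninitialized_key(int (*kdf)(unsigned char *, size_t, int),
                                   int force_fail)
{
    unsigned char key[KEY_LEN], sentinel[KEY_LEN];
    memset(key, 0xFF, sizeof(key));
    memcpy(sentinel, key, sizeof(key));
    if (kdf(key, sizeof(key), force_fail) < 0) {
        return 0;  /* error propagated; key never used */
    }
    /* Session proceeds: did derivation actually populate the buffer? */
    return memcmp(key, sentinel, sizeof(key)) == 0;
}
```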
Analysis
A security vulnerability in libssh (CVSS 5.0). Remediation should follow standard vulnerability management procedures.
Technical Context
Vulnerability type not specified by vendor. Affects libssh.
Affected Products
libssh
Remediation
Monitor vendor channels for patch availability.
Vendor Status
Ubuntu
Priority: Medium

| Release | Status | Version |
|---|---|---|
| jammy | released | 0.9.6-2ubuntu0.22.04.4 |
| noble | released | 0.10.6-2ubuntu0.1 |
| oracular | released | 0.10.6-3ubuntu1.1 |
| plucky | released | 0.11.1-1ubuntu0.1 |
| upstream | released | 0.11.2 |
| xenial | ignored | changes too intrusive |
| bionic | ignored | changes too intrusive |
| focal | ignored | changes too intrusive |
Debian
Bug #1108407

| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 0.9.8-0+deb11u2 | - |
| bullseye (security) | fixed | 0.9.8-0+deb11u2 | - |
| bookworm | fixed | 0.10.6-0+deb12u2 | - |
| bookworm (security) | vulnerable | 0.10.6-0+deb12u1 | - |
| trixie | fixed | 0.11.2-1+deb13u1 | - |
| forky | fixed | 0.11.3-1 | - |
| sid | fixed | 0.12.0-1 | - |
| (unstable) | fixed | 0.11.2-1 | - |
EUVD-2025-19931