CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
redhatCNA
5 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
libssh
bullseye (security)
vulnerable
bullseye
vulnerable
bookworm
no-dsa
bookworm (security)
vulnerable
trixie
0.11.2-1
fixed
sid
0.11.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libssh
plucky
Fixed 0.11.1-1ubuntu0.1
released
oracular
Fixed 0.10.6-3ubuntu1.1
released
noble
Fixed 0.10.6-2ubuntu0.1
released
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://access.redhat.com/security/cve/CVE-2025-5987
https://bugzilla.redhat.com/show_bug.cgi?id=2376219