CVE-2025-5351
Public on 2025-06-25
Modified on 2025-06-25
Description
pki_key_to_blob() can cause a double free on certain errors when using OpenSSL
>= 3.0. The function is called by several other functions that export public
or private keys to blobs or base64.
The function uses the variable params without resetting it to NULL after
freeing it. Under low-memory conditions, when the allocation of a string
fails, libssh calls OSSL_PARAM_free() again with the same argument, which will
likely crash.
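The free-without-reset pattern described above, next to the hardened form, as an added illustration that is not libssh's code: `struct params`, `params_free()`, `alloc_string()` and both `export_*` functions are hypothetical stand-ins, and the release routine only counts calls so that the repeated release can be observed safely.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an OSSL_PARAM array: counts releases instead of
 * freeing heap memory, so a repeated release is observable, not fatal. */
struct params { int frees; };

static void params_free(struct params *p) {
    if (p != NULL)               /* modelled as a no-op on NULL, like free() */
        p->frees++;
}

/* Constructed low-memory condition: the string allocation fails on demand. */
static char *alloc_string(int fail) { return fail ? NULL : malloc(16); }

/* Pattern from the description: params is released, the pointer is kept,
 * and the error path releases it again. */
static int export_unfixed(struct params *params, int fail) {
    char *s;
    params_free(params);
    s = alloc_string(fail);
    if (s == NULL) goto error;
    free(s);
    return 0;
error:
    params_free(params);         /* second release of the same pointer */
    return -1;
}

/* Hardened form: reset the pointer right after the release. */
static int export_fixed(struct params *params, int fail) {
    char *s;
    params_free(params);
    params = NULL;
    s = alloc_string(fail);
    if (s == NULL) goto error;
    free(s);
    return 0;
error:
    params_free(params);         /* now a no-op */
    return -1;
}

int main(void) {
    struct params a = {0}, b = {0};
    export_unfixed(&a, 1);
    export_fixed(&b, 1);
    printf("unfixed: %d releases, fixed: %d releases\n", a.frees, b.frees);
}
```

With a real allocator the second release in the unfixed variant is undefined behaviour; building with AddressSanitizer and injecting allocation failures is one way to surface this class of error path in testing.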
Severity
CVSS v3 Base Score
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 2023 | libssh | | | Pending Fix |
CVSS Scores
Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 3.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L |