CNNVD-202507-386 Information

CNNVD ID

CNNVD-202507-386

CVE-2025-5372

  • CNNVD Published: 2025-07-04

Description (Chinese)

libssh is a C-language development package from the libssh organization for accessing SSH services; it can execute remote commands and transfer files, and at the same time provides a secure transport channel for remote programs. libssh contains a security vulnerability that stems from inconsistent interpretation of the return value of the ssh_kdf function, which may lead to the use of an uninitialized encryption key buffer.

Description (English)

libssh is a C-language development package, maintained by the libssh project, for accessing SSH services; it can execute remote commands, transfer files, and provide a secure transport channel for remote programs. libssh contains a security vulnerability that stems from inconsistent interpretation of the return value of the ssh_kdf function, which may lead to the use of an uninitialized encryption key buffer.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

libssh

Published

2025-07-04

Last Modified

2026-02-24

References

  • https://access.redhat.com/security/cve/CVE-2025-5372
  • https://bugzilla.redhat.com/show_bug.cgi?id=2369388
  • https://nvd.nist.gov/vuln/detail/CVE-2025-5372
  • https://vigilance.fr/vulnerability/libssh-read-write-access-via-ssh-kdf-47515
  • https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://www.libssh.org/