CNNVD-202507-423 Information

CNNVD ID

CNNVD-202507-423

Related CVE

CVE-2025-5351

• CNNVD Published: 2025-07-04

Description (Chinese)

libssh是libssh组织的一个用于访问SSH服务的C语言开发包，它能够执行远程命令、文件传输，同时为远程的程序提供安全的传输通道。 libssh 0.10.0及之前版本存在资源管理错误漏洞，该漏洞源于密钥导出功能中的内存结构释放后未清除，可能导致双重释放和堆损坏。

Description (English)

Libssh, a C-language development package for access to SSH services organized by Libssh, is capable of carrying out remote commands, file transfers and, at the same time, providing secure transmission channels for remote programs. Libssh 0.10.0 and previous versions contain a resource management error loophole, resulting from the release of the memory structure in the key export function, which has not been cleared and may lead to double release and stack damage.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

libssh

Published

2025-07-04

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://nvd.nist.gov/vuln/detail/CVE-2025-5351

Patch

https://www.libssh.org/