CNNVD-202507-688 Information

CNNVD ID

CNNVD-202507-688

Related CVE

CVE-2025-5987

• CNNVD Published: 2025-07-07

Description (Chinese)

libssh是libssh组织的一个用于访问SSH服务的C语言开发包，它能够执行远程命令、文件传输，同时为远程的程序提供安全的传输通道。 libssh存在安全漏洞，该漏洞源于使用ChaCha20密码时未检测堆空间耗尽错误，可能导致数据机密性和完整性受损。

Description (English)

Libssh, a C-language development package for access to SSH services organized by Libssh, is capable of carrying out remote commands, file transfers and, at the same time, providing secure transmission channels for remote programs. There is a security loophole in libssh, which stems from the failure to detect an error in stacking space when the Chacha20 password is used, which may result in the loss of data confidentiality and integrity.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

libssh

Published

2025-07-07

Last Modified

2026-02-24

References

https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://access.redhat.com/security/cve/CVE-2025-5987 https://vigilance.fr/vulnerability/libssh-denial-of-service-via-chacha20-poly1305-set-key-47517 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://www.oracle.com/security-alerts/cpujan2026.html