{"id":"AZL-64653","summary":"CVE-2025-5351 affecting package libssh for versions less than 0.10.6-2","details":"A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.","modified":"2026-04-21T04:32:30.462126Z","published":"2025-07-04T09:15:37Z","upstream":["CVE-2025-5351"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5351"}],"affected":[{"package":{"name":"libssh","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/libssh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.6-2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64653.json"}}],"schema_version":"1.7.5"}