{"id":"CVE-2025-5351","details":"A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.","modified":"2026-04-10T05:30:50.259191Z","published":"2025-07-04T09:15:37.100Z","related":["SUSE-SU-2025:20557-1","SUSE-SU-2025:20596-1","openSUSE-SU-2025:15243-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2025-5351"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369367"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/libssh/libssh-mirror","events":[{"introduced":"7f6b3fab4e8d4b97e73d5ca60ddc5a3d0f5880d2"},{"fixed":"dff6c0821ed54f6fbf5b755af43f54cbb723b1b1"}],"database_specific":{"versions":[{"introduced":"0.10.0"},{"fixed":"0.11.2"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5351.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}