{"id":"JLSEC-2025-98","summary":"A flaw was found in the key export functionality of libssh","details":"A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.","modified":"2025-11-06T23:03:49.570165Z","published":"2025-10-19T18:40:48.457Z","upstream":["CVE-2025-5351"],"database_specific":{"sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5351","id":"CVE-2025-5351","published":"2025-07-04T09:15:37.100Z","modified":"2025-08-22T13:50:58.653Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5351","imported":"2025-10-18T14:10:41.583Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2025-5351"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369367"}],"affected":[{"package":{"name":"libssh_jll","ecosystem":"Julia","purl":"pkg:julia/libssh_jll?uuid=a8d4f100-aa25-5708-be18-96e0805c2c9d"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.11.3+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-98.json"}}],"schema_version":"1.7.3"}