CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-5987	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2376219	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:libssh:libssh:-:*:*:*:*:*:*:*

History

22 Aug 2025, 13:11

Type	Values Removed	Values Added
First Time		Libssh Libssh libssh
CPE		cpe:2.3:a:libssh:libssh:-:::::::*
References	~~() https://access.redhat.com/security/cve/CVE-2025-5987 -~~	() https://access.redhat.com/security/cve/CVE-2025-5987 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2376219 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2376219 - Issue Tracking, Third Party Advisory

08 Jul 2025, 16:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-07 15:15

Updated : 2025-08-22 13:11

NVD link : CVE-2025-5987

Mitre link : CVE-2025-5987

CVE.ORG link : CVE-2025-5987

JSON object : View

Products Affected

libssh

libssh

CWE

CWE-393

Return of Wrong Status Code

{"id": "CVE-2025-5987", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2025-07-07T15:15:28.180", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-5987", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-393"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes."}, {"lang": "es", "value": "Se detect\u00f3 una falla en libssh al usar el cifrado ChaCha20 con la librer\u00eda OpenSSL. Si un atacante logra agotar el espacio del mont\u00f3n, este error no se detecta y puede provocar que libssh use un contexto de cifrado parcialmente inicializado. Esto se debe a que el c\u00f3digo de error de OpenSSL devolvi\u00f3 alias con el c\u00f3digo SSH_OK, lo que impide que libssh detecte correctamente el error devuelto por la librer\u00eda OpenSSL. Este problema puede provocar un comportamiento indefinido, como la confidencialidad e integridad de los datos comprometidas o fallos."}], "lastModified": "2025-08-22T13:11:29.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libssh:libssh:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B0EB43D-D594-43B0-AB33-5E8E1A6C8BEF"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}