JLSEC-2025-98

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-98.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-98.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2025-98
Upstream
Published
2025-10-19T18:40:48.457Z
Modified
2025-11-03T00:19:51.500177Z
Summary
A flaw was found in the key export functionality of libssh
Details

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

Database specific 
{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5351",
            "imported": "2025-10-18T14:10:41.583Z",
            "id": "CVE-2025-5351",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5351",
            "published": "2025-07-04T09:15:37.100Z",
            "modified": "2025-08-22T13:50:58.653Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / libssh_jll

Package

Name
libssh_jll
Purl
pkg:julia/libssh_jll?uuid=a8d4f100-aa25-5708-be18-96e0805c2c9d

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.11.3+0