OESA-2025-2294

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2294
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-2294.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-2294
Upstream
Published
2025-09-12T14:26:31Z
Modified
2025-09-12T20:34:06.781105Z
Summary
libssh security update
Details

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl).

Security Fix(es):

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash() function. In such cases the binto_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.(CVE-2025-4877)

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.(CVE-2025-4878)

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.(CVE-2025-5351)

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.(CVE-2025-5372)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS / libssh

Package

Name
libssh
Purl
pkg:rpm/openEuler/libssh&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.5-5.oe2403

Ecosystem specific 

{
    "aarch64": [
        "libssh-0.10.5-5.oe2403.aarch64.rpm",
        "libssh-debuginfo-0.10.5-5.oe2403.aarch64.rpm",
        "libssh-debugsource-0.10.5-5.oe2403.aarch64.rpm",
        "libssh-devel-0.10.5-5.oe2403.aarch64.rpm"
    ],
    "x86_64": [
        "libssh-0.10.5-5.oe2403.x86_64.rpm",
        "libssh-debuginfo-0.10.5-5.oe2403.x86_64.rpm",
        "libssh-debugsource-0.10.5-5.oe2403.x86_64.rpm",
        "libssh-devel-0.10.5-5.oe2403.x86_64.rpm"
    ],
    "noarch": [
        "libssh-help-0.10.5-5.oe2403.noarch.rpm"
    ],
    "src": [
        "libssh-0.10.5-5.oe2403.src.rpm"
    ]
}