Описание
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
Отчет
The Red Hat Product Security team has rated the severity of this issue as Moderate. The vulnerability arises from a double free condition that is only exploitable under rare and constrained scenarios such as low memory environments. Furthermore, exploitation requires an authenticated user with access to key export functionality, limiting the scope and impact. Despite the restricted preconditions, the flaw still presents a stability concern for services utilizing libssh in sensitive environments.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Administrators should apply vendor-supplied patches as soon as they become available.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libssh | Fix deferred | ||
| Red Hat Enterprise Linux 6 | libssh2 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libssh2 | Out of support scope | ||
| Red Hat Enterprise Linux 8 | libssh | Fix deferred | ||
| Red Hat Enterprise Linux 9 | libssh | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Дополнительная информация
Статус:
4.2 Medium
CVSS3
Связанные уязвимости
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
A flaw was found in the key export functionality of libssh. The issue ...
A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
4.2 Medium
CVSS3