Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:23483

Опубликовано: 19 дек. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

Security Fix(es):

  • libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend (CVE-2025-5987)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
libssh-confignoarch17.el9_7libssh-config-0.10.4-17.el9_7.noarch.rpm
libssh-confignoarch17.el9_7libssh-config-0.10.4-17.el9_7.noarch.rpm
libsshi68617.el9_7libssh-0.10.4-17.el9_7.i686.rpm
libsshx86_6417.el9_7libssh-0.10.4-17.el9_7.x86_64.rpm
libssh-confignoarch17.el9_7libssh-config-0.10.4-17.el9_7.noarch.rpm
libssh-confignoarch17.el9_7libssh-config-0.10.4-17.el9_7.noarch.rpm

Показывать по

Связанные CVE

CVE-2025-5987

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-5987

CVSS3: 8.1
ubuntu
6 месяцев назад

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

redhat логотип

CVE-2025-5987

CVSS3: 5
redhat
9 месяцев назад

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

nvd логотип

CVE-2025-5987

CVSS3: 8.1
nvd
6 месяцев назад

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

msrc логотип

CVE-2025-5987

CVSS3: 5
msrc
6 месяцев назад

Libssh: invalid return code for chacha20 poly1305 with openssl backend

debian логотип

CVE-2025-5987

CVSS3: 8.1
debian
6 месяцев назад

A flaw was found in libssh when using the ChaCha20 cipher with the Ope ...