Количество 7
Количество 7
BDU:2025-07644
Уязвимость функции ssh_kdf() библиотеки libssh, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
CVE-2025-5372
ssh_kdf() returns a success code on certain failures
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older ...
GHSA-59w5-j22f-h3rv
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
SUSE-SU-2025:02229-1
Security update for libssh
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2025-07644 Уязвимость функции ssh_kdf() библиотеки libssh, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-5372 ssh_kdf() returns a success code on certain failures | CVSS3: 5 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older ... | CVSS3: 5 | 0% Низкий | около 1 месяца назад |
| GHSA-59w5-j22f-h3rv A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | около 1 месяца назад |
 | SUSE-SU-2025:02229-1 Security update for libssh | около 1 месяца назад |
Уязвимостей на страницу