Количество 11
Количество 11
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
CVE-2025-5372
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older ...
GHSA-59w5-j22f-h3rv
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
BDU:2025-07644
Уязвимость функции ssh_kdf() библиотеки libssh, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
SUSE-SU-2025:02281-1
Security update for libssh
SUSE-SU-2025:02279-1
Security update for libssh
SUSE-SU-2025:02278-1
Security update for libssh
SUSE-SU-2025:02229-1
Security update for libssh
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | около 1 месяца назад |
 | CVSS3: 5 | 0% Низкий | 18 дней назад | |
| CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older ... | CVSS3: 5 | 0% Низкий | около 1 месяца назад |
| GHSA-59w5-j22f-h3rv A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | около 1 месяца назад |
 | BDU:2025-07644 Уязвимость функции ssh_kdf() библиотеки libssh, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 5 | 0% Низкий | 3 месяца назад |
 | SUSE-SU-2025:02281-1 Security update for libssh | 24 дня назад | ||
| SUSE-SU-2025:02279-1 Security update for libssh | 24 дня назад | ||
| SUSE-SU-2025:02278-1 Security update for libssh | 24 дня назад | ||
| SUSE-SU-2025:02229-1 Security update for libssh | около 1 месяца назад |
Уязвимостей на страницу