Количество 14
Количество 14
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
CVE-2025-5372
Libssh: incorrect return code handling in ssh_kdf() in libssh
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older ...
RLSA-2025:21977
Moderate: libssh security update
GHSA-59w5-j22f-h3rv
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
ELSA-2025-21977
ELSA-2025-21977: libssh security update (MODERATE)
BDU:2025-07644
Уязвимость функции ssh_kdf() библиотеки libssh, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
SUSE-SU-2025:02281-1
Security update for libssh
SUSE-SU-2025:02279-1
Security update for libssh
SUSE-SU-2025:02278-1
Security update for libssh
SUSE-SU-2025:02229-1
Security update for libssh
ROS-20250924-09
Множественные уязвимости libssh
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-5372 Libssh: incorrect return code handling in ssh_kdf() in libssh | CVSS3: 5 | 0% Низкий | 5 месяцев назад |
| CVE-2025-5372 A flaw was found in libssh versions built with OpenSSL versions older ... | CVSS3: 5 | 0% Низкий | 5 месяцев назад |
 | RLSA-2025:21977 Moderate: libssh security update | 0% Низкий | 6 дней назад | |
| GHSA-59w5-j22f-h3rv A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | CVSS3: 5 | 0% Низкий | 5 месяцев назад |
| ELSA-2025-21977 ELSA-2025-21977: libssh security update (MODERATE) | 8 дней назад | ||
 | BDU:2025-07644 Уязвимость функции ssh_kdf() библиотеки libssh, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 5 | 0% Низкий | 7 месяцев назад |
 | SUSE-SU-2025:02281-1 Security update for libssh | 5 месяцев назад | ||
| SUSE-SU-2025:02279-1 Security update for libssh | 5 месяцев назад | ||
| SUSE-SU-2025:02278-1 Security update for libssh | 5 месяцев назад | ||
| SUSE-SU-2025:02229-1 Security update for libssh | 5 месяцев назад | ||
 | ROS-20250924-09 Множественные уязвимости libssh | CVSS3: 6.5 | 2 месяца назад |
Уязвимостей на страницу