CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-5987
https://bugzilla.redhat.com/show_bug.cgi?id=2376219

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) Se detectó una falla en libssh al usar el cifrado ChaCha20 con la librería OpenSSL. Si un atacante logra agotar el espacio del montón, este error no se detecta y puede provocar que libssh use un contexto de cifrado parcialmente inicializado. Esto se debe a que el código de error de OpenSSL devolvió alias con el código SSH_OK, lo que impide que libssh detecte correctamente el error devuelto por la librería OpenSSL. Este problema puede provocar un comportamiento indefinido, como la confidencialidad e integridad de los datos comprometidas o fallos.

07 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-07 15:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-5987

Mitre link : CVE-2025-5987

CVE.ORG link : CVE-2025-5987

JSON object : View

Products Affected

No product.

CWE

CWE-393

Return of Wrong Status Code

5.0 /10