AZL-64653

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64653.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-64653

Upstream

CVE-2025-5351

Published

2025-07-04T09:15:37Z

Modified

2026-04-21T04:32:30.462126Z

Summary

CVE-2025-5351 affecting package libssh for versions less than 0.10.6-2

Details

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5351

Affected packages

Azure Linux:2 / libssh

Package

Name: libssh
Purl: pkg:rpm/azure-linux/libssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.6-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64653.json"