5.0 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
Libssh: incorrect return code handling in ssh_kdf() in libssh
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
References
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
- RHSA-2025:21977 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
- RHSA-2025:21977 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
- RHSA-2025:21977 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23024 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21977 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23024 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5372 x_refsource_REDHAT vdb-entry
- RHBZ#2369388 issue-tracking x_refsource_REDHAT
Affected products
- <0.11.2
- *
Matching in nixpkgs
pkgs.libssh2
Client-side C library implementing the SSH2 protocol
-
nixos-unstable -
- nixpkgs-unstable 1.11.1
pkgs.haskellPackages.libssh
libssh bindings
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.0
pkgs.python312Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.python313Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2
Test whether libssh2-1.11.1 exposes pkg-config modules libssh2
-
nixos-unstable -
- nixpkgs-unstable libssh2
Package maintainers
-
@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@geluk Johan Geluk <johan+nix@geluk.io>