Untriaged
Permalink
CVE-2025-5987
5.0 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
Libssh: invalid return code for chacha20 poly1305 with openssl backend
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
References
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2026:0427 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0428 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0430 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0431 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0428 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0430 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0431 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0702 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0427 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0427 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0428 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0430 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0431 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0702 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0978 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0427 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0428 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0430 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0431 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0702 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0978 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2026:0702 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0978 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0427 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0428 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0430 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0431 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0427 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0428 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0430 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0431 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0702 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0978 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0985 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0996 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0427 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0428 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0430 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0431 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0702 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0978 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0980 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0985 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0996 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0431 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0702 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0978 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0980 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0985 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0996 x_refsource_REDHAT vendor-advisory
- RHSA-2026:1539 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0427 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0428 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0430 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23483 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23484 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0427 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0428 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0430 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0431 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0702 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0978 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0980 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0985 x_refsource_REDHAT vendor-advisory
- RHSA-2026:0996 x_refsource_REDHAT vendor-advisory
- RHSA-2026:1539 x_refsource_REDHAT vendor-advisory
- RHSA-2026:1541 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-5987 x_refsource_REDHAT vdb-entry
- RHBZ#2376219 issue-tracking x_refsource_REDHAT
Affected products
rhcos
- *
libssh
- *
- <0.11.2
libssh2
Matching in nixpkgs
pkgs.libssh2
Client-side C library implementing the SSH2 protocol
-
nixos-unstable -
- nixpkgs-unstable 1.11.1
pkgs.haskellPackages.libssh
libssh bindings
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.0
pkgs.python312Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.python313Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2
Test whether libssh2-1.11.1 exposes pkg-config modules libssh2
-
nixos-unstable -
- nixpkgs-unstable libssh2
Package maintainers
-
@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@geluk Johan Geluk <johan+nix@geluk.io>