libssh Double Free Vulnerability in Key Export Functionality

Vulnerability

A double free vulnerability has been identified in libssh's key export functionality, specifically in versions 0.10.0 and later when built with OpenSSL 3.0 or later. The issue arises in the pki_key_to_blob() function, where a memory structure is freed during error handling but not properly cleared. This oversight can lead to a double free situation if another error occurs later in the function, potentially causing heap corruption or application crashes, particularly in low-memory conditions.

Impact

Exploitation of this vulnerability could lead to heap corruption or instability of applications using libssh for exporting SSH key material, especially in low-memory environments.

Added: Jul 4, 2025, 9:16 AM

Updated: Jul 4, 2025, 9:16 AM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libssh Double Free Vulnerability in Key Export Functionality

Vulnerability

Impact

Affected Products

libssh

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating