CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-5987 – Libssh: invalid return code for chacha20 poly1305 with openssl backend
https://notcve.org/view.php?id=CVE-2025-5987
05 Jul 2025 — A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes. Ro... • https://access.redhat.com/security/cve/CVE-2025-5987 • CWE-393: Return of Wrong Status Code •
CVSS: 4.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-5351 – Libssh: double free vulnerability in libssh key export functions
https://notcve.org/view.php?id=CVE-2025-5351
04 Jul 2025 — A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.... • https://access.redhat.com/security/cve/CVE-2025-5351 • CWE-415: Double Free •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2025-5372 – Libssh: incorrect return code handling in ssh_kdf() in libssh
https://notcve.org/view.php?id=CVE-2025-5372
04 Jul 2025 — A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, in... • https://access.redhat.com/security/cve/CVE-2025-5372 • CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVSS: 4.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-4877 – openSUSE Security Advisory - openSUSE-SU-2025:15243-1
https://notcve.org/view.php?id=CVE-2025-4877
03 Jul 2025 — Write beyond bounds in binary to base64 conversion functions Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. Ronald Crane discovered that libssh incorrectly handled the privatekey_from_file function. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. •
CVSS: 3.6EPSS: 0%CPEs: 7EXPL: 0CVE-2025-4878 – openSUSE Security Advisory - openSUSE-SU-2025:15243-1
https://notcve.org/view.php?id=CVE-2025-4878
03 Jul 2025 — Use of uninitialized variable in privatekey_from_file() Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. Ronald Crane discovered that libssh incorrectly handled the privatekey_from_file function. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5449 – openSUSE Security Advisory - openSUSE-SU-2025:15243-1
https://notcve.org/view.php?id=CVE-2025-5449
03 Jul 2025 — Likely read beyond bounds in sftp server message decoding These are all security issues fixed in the libssh-config-0.11.2-1.1 package on the GA media of openSUSE Tumbleweed. •
CVSS: 7.0EPSS: 0%CPEs: 23EXPL: 9CVE-2025-32462 – Sudo 1.9.17 Host Option - Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-32462
30 Jun 2025 — Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (`-l` or `--... • https://packetstorm.news/files/id/206211 • CWE-863: Incorrect Authorization •