CVE-2025-5987

5.0 MEDIUM
Published: July 07, 2025 Modified: December 18, 2025
View on NVD

Description

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:23483
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:23484
Source: secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2025-5987
Source: secalert@redhat.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2376219
Source: secalert@redhat.com
Issue Tracking Third Party Advisory

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.0 / 10.0
EPSS (Exploit Probability)
0.1%
19th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-393

Affected Vendors

libssh

Related CVEs

CVE-2026-21652 N/A
CVE-2026-21651 N/A
CVE-2026-21650 N/A
CVE-2026-21649 N/A
CVE-2026-21648 N/A