CVE-2025-5987

{"id": "CVE-2025-5987", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2025-07-07T15:15:28.180", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:23483", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23484", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0427", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0428", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0430", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0431", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0702", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0978", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0980", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0985", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0996", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-5987", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-393"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes."}, {"lang": "es", "value": "Se detect\u00f3 una falla en libssh al usar el cifrado ChaCha20 con la librer\u00eda OpenSSL. Si un atacante logra agotar el espacio del mont\u00f3n, este error no se detecta y puede provocar que libssh use un contexto de cifrado parcialmente inicializado. Esto se debe a que el c\u00f3digo de error de OpenSSL devolvi\u00f3 alias con el c\u00f3digo SSH_OK, lo que impide que libssh detecte correctamente el error devuelto por la librer\u00eda OpenSSL. Este problema puede provocar un comportamiento indefinido, como la confidencialidad e integridad de los datos comprometidas o fallos."}], "lastModified": "2026-02-03T22:16:27.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28859F90-CC03-4355-AC1B-E595AE86511A", "versionEndExcluding": "0.11.2", "versionStartIncluding": "0.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}