
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-5351 is a security vulnerability affecting libssh versions 0.10.0 and later when built with OpenSSL 3.0 or higher. The vulnerability was discovered and reported by Ronald Crane via Zippenhop LLC, and was publicly disclosed on June 24, 2025. It is a double free that occurs in the functions responsible for exporting keys (LibSSH Advisory).
The vulnerability exists in the pki_key_to_blob() function, which is used by various other functions for exporting public or private keys to blobs or base64. The issue occurs because the function fails to reset the 'params' variable to NULL after freeing it. Under low-memory conditions, when a string allocation fails, the error-handling path calls OSSL_PARAM_free() on the same, already-freed pointer, leading to a double free. The vulnerability has been assigned a CVSS v3.1 score of 3.8 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C) (LibSSH Advisory).
The vulnerability can result in a system crash due to double free corruption when a key export is attempted under these specific low-memory conditions. The impact is primarily limited to confidentiality and integrity, with low severity as indicated by the CVSS score. Exploitation requires network access and has high attack complexity (LibSSH Advisory).
The vulnerability has been fixed in libssh version 0.11.2. System administrators are strongly advised to upgrade to this version as soon as possible. No workarounds are available for this vulnerability. Patches addressing the issue have been made available through the libssh security portal (LibSSH Advisory).
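The mechanism described above, reduced to a self-contained C illustration that is not libssh's or OpenSSL's code: a constructed stand-in for the OSSL_PARAM array is freed on the main path, and a fault-injection flag simulates the failed string allocation that sends control to the shared cleanup label. The vulnerable shape leaves the freed pointer intact, so the cleanup frees it again; the fixed shape resets it to NULL, which makes the second free a no-op (mock_params, mock_params_free, export_vulnerable, export_fixed and run_scenario are all assumed names for this example).

```c
#include <stdio.h>

/* Constructed stand-in for an OSSL_PARAM array; real code would obtain it
 * from OpenSSL and release it with OSSL_PARAM_free(). */
typedef struct { int tag; } mock_params;

static mock_params param_storage;   /* the single constructed param block */
static int params_live;             /* 1 while param_storage is "allocated" */
static int double_free_seen;        /* set when free runs on a dead pointer */
static int fail_string_alloc;       /* fault injection: the low-memory path */

static mock_params *mock_params_new(void) { params_live = 1; return &param_storage; }

/* Mirrors OSSL_PARAM_free() semantics: NULL is a no-op; freeing twice is recorded. */
static void mock_params_free(mock_params *p) {
    if (p == NULL) return;
    if (!params_live) { double_free_seen = 1; return; }
    params_live = 0;
}

/* Vulnerable shape: params is freed but never reset, so the shared cleanup
 * label frees the same pointer a second time when the string allocation fails. */
static int export_vulnerable(void) {
    mock_params *params = mock_params_new();
    mock_params_free(params);            /* BUG: params still holds the freed address */
    if (fail_string_alloc) goto fail;    /* simulated ssh_string allocation failure */
    return 0;
fail:
    mock_params_free(params);            /* second free of the same pointer */
    return -1;
}

/* Fixed shape: reset after free; the cleanup label's free becomes a no-op. */
static int export_fixed(void) {
    mock_params *params = mock_params_new();
    mock_params_free(params);
    params = NULL;
    if (fail_string_alloc) goto fail;
    return 0;
fail:
    mock_params_free(params);
    return -1;
}

/* Run one export under fault injection; returns 1 if a double free occurred. */
static int run_scenario(int (*export_fn)(void), int inject_failure) {
    params_live = 0; double_free_seen = 0; fail_string_alloc = inject_failure;
    (void)export_fn();
    return double_free_seen;
}

int main(void) {
    printf("vulnerable, alloc fails: double free = %d\n", run_scenario(export_vulnerable, 1));
    printf("fixed, alloc fails:      double free = %d\n", run_scenario(export_fixed, 1));
    return 0;
}
```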
Source: This report was generated using AI