A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
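The return-code aliasing described above, as an added illustration (not code from libssh or OpenSSL): `backend_init` is a hypothetical stand-in for an OpenSSL-style call that returns 1 on success and 0 on failure, and `struct demo_ctx`, the `set_key_*` wrappers and `caller_uses_partial_ctx` are likewise hypothetical names. `SSH_OK` is 0 and `SSH_ERROR` is -1, as in libssh.

```c
#include <stdio.h>
#include <stdlib.h>

/* libssh return convention: 0 is success, -1 is failure. */
#define SSH_OK 0
#define SSH_ERROR -1

/* Hypothetical cipher context with two sub-contexts (not libssh's struct). */
struct demo_ctx { void *main_ctx; void *header_ctx; };

static void demo_cleanup(struct demo_ctx *c) {
    free(c->main_ctx);   c->main_ctx = NULL;
    free(c->header_ctx); c->header_ctx = NULL;
}

/* Stand-in for an OpenSSL-style call: 1 on success, 0 on failure.
 * fail_second simulates heap exhaustion on the second allocation. */
static int backend_init(struct demo_ctx *c, int fail_second) {
    c->main_ctx = malloc(64);
    if (c->main_ctx == NULL) return 0;
    c->header_ctx = fail_second ? NULL : malloc(64);
    return c->header_ctx != NULL;   /* 0 leaves the context half-built */
}

/* Flawed pattern: the backend's 0 ("failed") is passed up unchanged,
 * and 0 is exactly what the caller reads as SSH_OK. */
int set_key_flawed(struct demo_ctx *c, int fail_second) {
    int rc = backend_init(c, fail_second);
    if (rc != 1) return rc;
    return SSH_OK;
}

/* Corrected pattern: translate at the boundary, release partial state. */
int set_key_checked(struct demo_ctx *c, int fail_second) {
    if (backend_init(c, fail_second) != 1) {
        demo_cleanup(c);
        return SSH_ERROR;
    }
    return SSH_OK;
}

/* 1 if a caller trusting the return code would use a half-built context. */
int caller_uses_partial_ctx(int (*set_key)(struct demo_ctx *, int), int fail) {
    struct demo_ctx c = { NULL, NULL };
    int partial = (set_key(&c, fail) == SSH_OK) && c.header_ctx == NULL;
    demo_cleanup(&c);
    return partial;
}

int main(void) {
    printf("flawed=%d checked=%d\n", caller_uses_partial_ctx(set_key_flawed, 1),
           caller_uses_partial_ctx(set_key_checked, 1));
    return 0;
}
```

When auditing wrappers around a backend with a different success convention, compare the backend's result against its documented success value and map every other value to the wrapper's own error code.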
History

Mon, 07 Jul 2025 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 07 Jul 2025 14:30:00 +0000

Type | Values Removed | Values Added
Description | No description is available for this CVE. | A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
Title | libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend | Libssh: invalid return code for chacha20 poly1305 with openssl backend
First Time appeared | | Redhat, Redhat enterprise Linux, Redhat openshift
CPEs | | cpe:/a:redhat:openshift:4, cpe:/o:redhat:enterprise_linux:10, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9
Vendors & Products | | Redhat, Redhat enterprise Linux, Redhat openshift
References | |

Fri, 04 Jul 2025 02:30:00 +0000

Type | Values Removed | Values Added
Description | | No description is available for this CVE.
Title | | libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend
Weaknesses | | CWE-393
References | |
Metrics | threat_severity None | cvssV3_1 {'score': 5.0, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L'}; threat_severity Moderate


MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-07-07T14:24:12.576Z

Updated: 2025-07-07T14:38:29.143Z

Reserved: 2025-06-10T21:55:45.552Z

Link: CVE-2025-5987

Vulnrichment

Updated: 2025-07-07T14:37:08.270Z

NVD

Status: Awaiting Analysis

Published: 2025-07-07T15:15:28.180

Modified: 2025-07-08T16:18:34.923

Link: CVE-2025-5987

Redhat

Severity: Moderate

Public Date: 2025-04-26T00:00:00Z

Links: CVE-2025-5987 - Bugzilla