| Package | libssh |
|---|---|
| Version | 0.7.3-2+deb9u5 (stretch) |
| Related CVEs | CVE-2023-6004 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-8114 CVE-2025-8277 |
Several vulnerabilities have been found in libssh, a tiny C SSH library.
CVE-2023-6004
Vinci found a command injection issue in the ProxyCommand and ProxyJump
features.
CVE-2025-4877
Ronald Crane found that bin_to_base64() could experience an integer
overflow and subsequent under allocation, leading to an out of
bounds write on 32-bit builds.
CVE-2025-4878
Ronald Crane found that privatekey_from_file() used an uninitialized
variable under certain conditions, which could lead to signing
failure, use-after-free or memory corruption.
CVE-2025-5318
Ronald Crane found that sftp_handle() had an incorrect check, which
could lead to an out of bounds read.
CVE-2025-8114
Philippe Antoine found a null pointer dereference issue when libssh
calculates the session id for the key exchange (KEX) process and an
error happens when allocating memory using cryptographic functions,
leading to a crash.
CVE-2025-8277
Francesco Rollo a memory leak during the KEX process when a client
sets the `first_kex_packet_follows` flag in the KEXINIT message and
repeatedly makes incorrect KEX guesses.
For Debian 9 stretch, these problems have been fixed in version 0.7.3-2+deb9u5.
We recommend that you upgrade your libssh packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.