{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T05:37:41.982","vulnerabilities":[{"cve":{"id":"CVE-2025-5987","sourceIdentifier":"secalert@redhat.com","published":"2025-07-07T15:15:28.180","lastModified":"2026-03-20T21:17:12.450","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes."},{"lang":"es","value":"Se detectó una falla en libssh al usar el cifrado ChaCha20 con la librería OpenSSL. Si un atacante logra agotar el espacio del montón, este error no se detecta y puede provocar que libssh use un contexto de cifrado parcialmente inicializado. Esto se debe a que el código de error de OpenSSL devolvió alias con el código SSH_OK, lo que impide que libssh detecte correctamente el error devuelto por la librería OpenSSL. Este problema puede provocar un comportamiento indefinido, como la confidencialidad e integridad de los datos comprometidas o fallos."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-393"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionStartIncluding":"0.10.0","versionEndExcluding":"0.11.2","matchCriteriaId":"28859F90-CC03-4355-AC1B-E595AE86511A"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:23483","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:23484","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0427","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0428","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0430","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0431","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0702","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0978","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0980","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0985","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:0996","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:1539","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:1541","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:3415","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-5987","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376219","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.libssh.org/security/advisories/CVE-2025-5987.txt","source":"secalert@redhat.com"}]}}]}