Daily Archives: June 24, 2025

1 post

libssh 0.11.2 security and bugfix release

Release

This is a security release of libssh to address the following security issues:

  • CVE-2025-4877 – Write beyond bounds in binary to base64 conversion functions
  • CVE-2025-4878 – Use of uninitialized variable in privatekey_from_file()
  • CVE-2025-5318 – Likely read beyond bounds in sftp server handle management
  • CVE-2025-5351 – Double free in functions exporting keys
  • CVE-2025-5372 – ssh_kdf() returns a success code on certain failures
  • CVE-2025-5449 – Likely read beyond bounds in sftp server message decoding
  • CVE-2025-5987 – Invalid return code for chacha20 poly1305 with OpenSSL backend

In addition version 0.11.2 contains several bugfixes and backports. For full list, see the changelog below. Thanks to Ronald Crane for the responsible disclosure. Also thanks to Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk from Ruhr University Bochum.

If you are new to libssh you should read our tutorial how to get started. Please join our mailing list or visit our IRC or Matrix channels if you have questions.

You can download libssh here.

CHANGELOG

  • Security
    • CVE-2025-4877 – Write beyond bounds in binary to base64 conversion functions
    • CVE-2025-4878 – Use of uninitialized variable in privatekey_from_file()
    • CVE-2025-5318 – Likely read beyond bounds in sftp server handle management
    • CVE-2025-5351 – Double free in functions exporting keys
    • CVE-2025-5372 – ssh_kdf() returns a success code on certain failures
    • CVE-2025-5449 – Likely read beyond bounds in sftp server message decoding
    • CVE-2025-5987 – Invalid return code for chacha20 poly1305 with OpenSSL backend
  • Compatibility
    • Fixed compatibility with CPM.cmake
    • Compatibility with OpenSSH 10.0
    • Tests compatibility with new Dropbear releases
    • Removed p11-kit remoting from the pkcs11 testsuite
  • Bugfixes
    • Implement missing packet filter for DH GEX
    • Properly process the SSH2_MSG_DEBUG message
    • Allow escaping quotes in quoted arguments to ssh configuration
    • Do not fail with unknown match keywords in ssh configuration
    • Process packets before selecting signature algorithm during authentication
    • Do not fail hard when the SFTP status message is not sent by noncompliant
      servers