A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.
Weakness
The product calls free() twice on the same memory address.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libssh | Libssh | 0.10.0 (including) | 0.11.2 (excluding) |
| Libssh | Ubuntu | noble | * |
| Libssh | Ubuntu | oracular | * |
| Libssh | Ubuntu | plucky | * |
| Libssh | Ubuntu | upstream | * |