You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 5351
About this tag
CVE-2025-5351 is a double-free vulnerability in the libssh library's pki_key_to_blob() function, which can corrupt heap memory during error handling and potentially crash applications performing key export operations. Microsoft's advisory confirms Azure Linux as a carrier of the vulnerable component and commits to expanding CSAF/VEX attestations for product inventories. The tag covers discussions about the technical details of the bug, its impact on Azure Linux, and Microsoft's response. Users interested in security updates, vulnerability management, and open-source library risks in enterprise environments will find relevant information under this tag.
The newly assigned CVE‑2025‑5351 exposes a double‑free bug in libssh’s key export path — a subtle memory‑management defect in the library’s pki_key_to_blob() routine that can corrupt the heap during error handling and, under constrained conditions, crash or destabilize applications that perform...