Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/libssh@0?distro=trixie

Type deb

Namespace debian

Name libssh

Version 0

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.5.3-1

Latest_non_vulnerable_version 0.12.0-3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-19zh-14c7-93a4

vulnerability_id VCID-19zh-14c7-93a4

summary libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5987.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5987.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5987

reference_id

reference_type

scores

value	0.00073
scoring_system	epss
scoring_elements	0.22152
published_at	2026-04-09T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.2213
published_at	2026-04-12T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22171
published_at	2026-04-11T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22186
published_at	2026-04-02T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22016
published_at	2026-04-21T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22063
published_at	2026-04-18T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.2207
published_at	2026-04-16T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22071
published_at	2026-04-13T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22235
published_at	2026-04-04T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22017
published_at	2026-04-07T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22097
published_at	2026-04-08T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23153
published_at	2026-04-26T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23164
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5987

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108407
reference_id	1108407
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108407

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2376219

reference_id

2376219

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2376219

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id	cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id	cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9
reference_id	cpe:/a:redhat:openshift:4.15::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9
reference_id	cpe:/a:redhat:openshift:4.16::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9
reference_id	cpe:/a:redhat:openshift:4.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9
reference_id	cpe:/a:redhat:openshift:4.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9
reference_id	cpe:/a:redhat:openshift:4.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9
reference_id	cpe:/a:redhat:openshift:4.20::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1
reference_id	cpe:/o:redhat:enterprise_linux:10.1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
reference_id	cpe:/o:redhat:enterprise_linux:9::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0
reference_id	cpe:/o:redhat:enterprise_linux_eus:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
reference_id	cpe:/o:redhat:rhel_eus:9.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos
reference_id	cpe:/o:redhat:rhel_eus:9.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos

reference_url

https://access.redhat.com/security/cve/CVE-2025-5987

reference_id

CVE-2025-5987

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/security/cve/CVE-2025-5987

reference_url

https://www.libssh.org/security/advisories/CVE-2025-5987.txt

reference_id

CVE-2025-5987.txt

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://www.libssh.org/security/advisories/CVE-2025-5987.txt

reference_url

https://access.redhat.com/errata/RHSA-2025:23483

reference_id

RHSA-2025:23483

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2025:23483

reference_url

https://access.redhat.com/errata/RHSA-2025:23484

reference_id

RHSA-2025:23484

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2025:23484

reference_url

https://access.redhat.com/errata/RHSA-2026:0427

reference_id

RHSA-2026:0427

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:0427

reference_url

https://access.redhat.com/errata/RHSA-2026:0428

reference_id

RHSA-2026:0428

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:0428

reference_url

https://access.redhat.com/errata/RHSA-2026:0430

reference_id

RHSA-2026:0430

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:0430

reference_url

https://access.redhat.com/errata/RHSA-2026:0431

reference_id

RHSA-2026:0431

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:0431

reference_url

https://access.redhat.com/errata/RHSA-2026:0702

reference_id

RHSA-2026:0702

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:0702

reference_url

https://access.redhat.com/errata/RHSA-2026:0978

reference_id

RHSA-2026:0978

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:0978

reference_url

https://access.redhat.com/errata/RHSA-2026:0980

reference_id

RHSA-2026:0980

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:0980

reference_url

https://access.redhat.com/errata/RHSA-2026:0985

reference_id

RHSA-2026:0985

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:0985

reference_url

https://access.redhat.com/errata/RHSA-2026:0996

reference_id

RHSA-2026:0996

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:0996

reference_url

https://access.redhat.com/errata/RHSA-2026:1539

reference_id

RHSA-2026:1539

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:1539

reference_url

https://access.redhat.com/errata/RHSA-2026:1541

reference_id

RHSA-2026:1541

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:1541

reference_url

https://access.redhat.com/errata/RHSA-2026:3415

reference_id

RHSA-2026:3415

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T04:55:55Z/

url

https://access.redhat.com/errata/RHSA-2026:3415

reference_url	https://usn.ubuntu.com/7619-1/
reference_id	USN-7619-1
reference_type
scores
url	https://usn.ubuntu.com/7619-1/

fixed_packages

url	pkg:deb/debian/libssh@0?distro=trixie
purl	pkg:deb/debian/libssh@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0%3Fdistro=trixie

url pkg:deb/debian/libssh@0.9.8-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/libssh@0.9.8-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.9.8-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libssh@0.10.6-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/libssh@0.10.6-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.10.6-0%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/libssh@0.11.2-1?distro=trixie
purl	pkg:deb/debian/libssh@0.11.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.11.2-1%3Fdistro=trixie

url pkg:deb/debian/libssh@0.11.2-1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/libssh@0.11.2-1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.11.2-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/libssh@0.12.0-3?distro=trixie
purl	pkg:deb/debian/libssh@0.12.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.12.0-3%3Fdistro=trixie

aliases CVE-2025-5987

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19zh-14c7-93a4

url VCID-3wqk-hes8-j3gw

vulnerability_id VCID-3wqk-hes8-j3gw

summary libssh: Integer Overflow in libssh SFTP Server Packet Length Validation Leading to Denial of Service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5449.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5449.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5449

reference_id

reference_type

scores

value	0.00182
scoring_system	epss
scoring_elements	0.39658
published_at	2026-04-26T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39845
published_at	2026-04-21T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39672
published_at	2026-04-24T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42506
published_at	2026-04-04T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42477
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42504
published_at	2026-04-09T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42494
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42443
published_at	2026-04-07T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44204
published_at	2026-04-13T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44203
published_at	2026-04-12T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44236
published_at	2026-04-11T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44255
published_at	2026-04-18T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.44265
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5449

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108407
reference_id	1108407
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108407

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2369705

reference_id

2369705

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T17:33:59Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2369705

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2025-5449

reference_id

CVE-2025-5449

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T17:33:59Z/

url

https://access.redhat.com/security/cve/CVE-2025-5449

reference_url

https://www.libssh.org/security/advisories/CVE-2025-5449.txt

reference_id

CVE-2025-5449.txt

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T17:33:59Z/

url

https://www.libssh.org/security/advisories/CVE-2025-5449.txt

reference_url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f

reference_id

?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T17:33:59Z/

url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=261612179f740bc62ba363d98b3bd5e5573a811f

reference_url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da

reference_id

?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T17:33:59Z/

url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=3443aec90188d6aab9282afc80a81df5ab72c4da

reference_url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7

reference_id

?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T17:33:59Z/

url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=5504ff40515439a5fecbb17da7483000c4d12eb7

reference_url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496

reference_id

?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T17:33:59Z/

url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=78485f446af9b30e37eb8f177b81940710d54496

reference_url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb

reference_id

?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-25T17:33:59Z/

url

https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=f79ec51b7fd519dbc5737a7ba826e3ed093f6ceb

reference_url	https://usn.ubuntu.com/7619-1/
reference_id	USN-7619-1
reference_type
scores
url	https://usn.ubuntu.com/7619-1/

fixed_packages

url	pkg:deb/debian/libssh@0?distro=trixie
purl	pkg:deb/debian/libssh@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0%3Fdistro=trixie

url pkg:deb/debian/libssh@0.9.8-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/libssh@0.9.8-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.9.8-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libssh@0.10.6-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/libssh@0.10.6-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.10.6-0%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/libssh@0.11.2-1?distro=trixie
purl	pkg:deb/debian/libssh@0.11.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.11.2-1%3Fdistro=trixie

url pkg:deb/debian/libssh@0.11.2-1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/libssh@0.11.2-1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.11.2-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/libssh@0.12.0-3?distro=trixie
purl	pkg:deb/debian/libssh@0.12.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.12.0-3%3Fdistro=trixie

aliases CVE-2025-5449

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wqk-hes8-j3gw

url VCID-754c-prpu-sqda

vulnerability_id VCID-754c-prpu-sqda

summary libssh: Double Free Vulnerability in libssh Key Export Functions

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5351.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5351.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5351

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.30225
published_at	2026-04-08T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.303
published_at	2026-04-02T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3026
published_at	2026-04-09T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30263
published_at	2026-04-11T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30221
published_at	2026-04-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30173
published_at	2026-04-13T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30188
published_at	2026-04-16T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30169
published_at	2026-04-18T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30348
published_at	2026-04-04T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30165
published_at	2026-04-07T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31547
published_at	2026-04-24T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31419
published_at	2026-04-26T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31718
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5351

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108407
reference_id	1108407
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108407

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2369367

reference_id

2369367

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:19:53Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2369367

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2025-5351

reference_id

CVE-2025-5351

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:19:53Z/

url

https://access.redhat.com/security/cve/CVE-2025-5351

reference_url	https://usn.ubuntu.com/7619-1/
reference_id	USN-7619-1
reference_type
scores
url	https://usn.ubuntu.com/7619-1/

fixed_packages

url	pkg:deb/debian/libssh@0?distro=trixie
purl	pkg:deb/debian/libssh@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0%3Fdistro=trixie

url pkg:deb/debian/libssh@0.9.8-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/libssh@0.9.8-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.9.8-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libssh@0.10.6-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/libssh@0.10.6-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.10.6-0%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/libssh@0.11.2-1?distro=trixie
purl	pkg:deb/debian/libssh@0.11.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.11.2-1%3Fdistro=trixie

url pkg:deb/debian/libssh@0.11.2-1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/libssh@0.11.2-1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.11.2-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/libssh@0.12.0-3?distro=trixie
purl	pkg:deb/debian/libssh@0.12.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.12.0-3%3Fdistro=trixie

aliases CVE-2025-5351

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-754c-prpu-sqda

url VCID-9z1q-1hjj-4ucn

vulnerability_id VCID-9z1q-1hjj-4ucn

summary libssh: libssh: Insecure default configuration leads to local man-in-the-middle attacks on Windows

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14821.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14821.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14821

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.0109
published_at	2026-04-12T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01114
published_at	2026-04-09T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01096
published_at	2026-04-11T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01537
published_at	2026-04-26T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01365
published_at	2026-04-16T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01378
published_at	2026-04-18T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01458
published_at	2026-04-21T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01467
published_at	2026-04-24T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01374
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14821

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2423148

reference_id

2423148

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T17:26:32Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2423148

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2025-14821

reference_id

CVE-2025-14821

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T17:26:32Z/

url

https://access.redhat.com/security/cve/CVE-2025-14821

reference_url

https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/

reference_id

libssh-0-12-0-and-0-11-4-security-releases

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T17:26:32Z/

url

https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/

reference_url

https://access.redhat.com/errata/RHSA-2026:7067

reference_id

RHSA-2026:7067

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-07T17:26:32Z/

url

https://access.redhat.com/errata/RHSA-2026:7067

fixed_packages

url	pkg:deb/debian/libssh@0?distro=trixie
purl	pkg:deb/debian/libssh@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0%3Fdistro=trixie

url pkg:deb/debian/libssh@0.9.8-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/libssh@0.9.8-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.9.8-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libssh@0.10.6-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/libssh@0.10.6-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.10.6-0%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/libssh@0.11.2-1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/libssh@0.11.2-1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.11.2-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/libssh@0.12.0-3?distro=trixie
purl	pkg:deb/debian/libssh@0.12.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.12.0-3%3Fdistro=trixie

aliases CVE-2025-14821

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9z1q-1hjj-4ucn

url VCID-y2ub-err2-4fc6

vulnerability_id VCID-y2ub-err2-4fc6

summary libssh: Processing SFTP server read may cause NULL dereference

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3603.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3603.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3603

reference_id

reference_type

scores

value	0.0012
scoring_system	epss
scoring_elements	0.30605
published_at	2026-04-26T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.31038
published_at	2026-04-02T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30917
published_at	2026-04-18T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30882
published_at	2026-04-21T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30722
published_at	2026-04-24T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.31085
published_at	2026-04-04T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30902
published_at	2026-04-07T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.3096
published_at	2026-04-08T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.3099
published_at	2026-04-09T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30994
published_at	2026-04-11T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30951
published_at	2026-04-12T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30906
published_at	2026-04-13T12:55:00Z

value	0.0012
scoring_system	epss
scoring_elements	0.30937
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3603

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2221791

reference_id

2221791

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T20:04:28Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2221791

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2023-3603

reference_id

CVE-2023-3603

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T20:04:28Z/

url

https://access.redhat.com/security/cve/CVE-2023-3603

fixed_packages

url	pkg:deb/debian/libssh@0?distro=trixie
purl	pkg:deb/debian/libssh@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0%3Fdistro=trixie

url pkg:deb/debian/libssh@0.9.8-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/libssh@0.9.8-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.9.8-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libssh@0.10.6-0%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/libssh@0.10.6-0%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.10.6-0%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/libssh@0.11.2-1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/libssh@0.11.2-1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qxq-4833-s7bd

vulnerability	VCID-8zdu-udyx-qkhu

vulnerability	VCID-hhun-qvy9-pydj

vulnerability	VCID-p6ex-bypb-n3fg

vulnerability	VCID-v97m-zm6x-gfga

vulnerability	VCID-y3hu-uqgn-7uhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.11.2-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/libssh@0.12.0-3?distro=trixie
purl	pkg:deb/debian/libssh@0.12.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0.12.0-3%3Fdistro=trixie

aliases CVE-2023-3603

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2ub-err2-4fc6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libssh@0%3Fdistro=trixie

Package Instance