Fedora Account System
Red Hat Associate
Red Hat Customer
A Double Free vulnerability exists in libssh’s key export mechanism when built against OpenSSL 3.0 or later. The flaw lies in the pki_key_to_blob() function, where a memory structure (params) is deallocated during error handling but not properly nullified. If a subsequent operation encounters an error, the same structure may be freed again, leading to undefined behavior and potential process crashes. Although exploitation requires authenticated access and specific memory failure conditions, the flaw could be leveraged to destabilize applications using libssh for exporting SSH key material. Affected versions : libssh >= 0.10.0, built with OpenSSL >= 3.0
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:18683 https://access.redhat.com/errata/RHSA-2026:18683