
exploitDog

CVE-2025-8114

Published: 24 Jul 2025
Source: debian

Description

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libssh | fixed | 0.11.3-1 | | package |
| libssh | fixed | 0.11.2-1+deb13u1 | trixie | package |
| libssh | no-dsa | | bookworm | package |

Notes

  • https://bugzilla.redhat.com/show_bug.cgi?id=2383220

  • https://gitlab.com/libssh/libssh-mirror/-/issues/317

  • https://www.libssh.org/security/advisories/CVE-2025-8114.txt

  • https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d

  • https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=65f363c9e3a22b90af7f74b5c439a133b1047379 (libssh-0.11.3)

Related vulnerabilities

CVSS3: 4.7
ubuntu
4 months ago

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

CVSS3: 4.7
redhat
4 months ago

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

CVSS3: 4.7
nvd
4 months ago

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

msrc
3 months ago

: null pointer dereference in libssh kex session id calculation

CVSS3: 4.7
github
4 months ago

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.