Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-8114

Опубликовано: 24 июл. 2025
Источник: redhat
CVSS3: 4.7
EPSS Низкий

Описание

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

Отчет

The Red Hat Product Security team has assessed the severity of this vulnerability as Moderate, due to its local attack vector and high complexity of exploitation. Although it requires specific allocation failure scenarios, successful exploitation can result in a crash of SSH clients or servers using libssh. This is caused by a NULL pointer dereference during the calculation of the KEX session ID.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10libsshFix deferred
Red Hat Enterprise Linux 6libssh2Not affected
Red Hat Enterprise Linux 7libssh2Not affected
Red Hat Enterprise Linux 8libsshFix deferred
Red Hat Enterprise Linux 9libsshFix deferred
Red Hat OpenShift Container Platform 4rhcosFix deferred

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2383220CVE-2025-8114: NULL Pointer Dereference in libssh KEX Session ID Calculation

EPSS

Процентиль: 2%
0.00014
Низкий

4.7 Medium

CVSS3

Связанные уязвимости

CVSS3: 4.7
ubuntu
10 дней назад

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

CVSS3: 4.7
nvd
10 дней назад

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

CVSS3: 4.7
debian
10 дней назад

A flaw was found in libssh, a library that implements the SSH protocol ...

CVSS3: 4.7
github
9 дней назад

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

EPSS

Процентиль: 2%
0.00014
Низкий

4.7 Medium

CVSS3