CVE-2025-8114

Libssh: null pointer dereference in libssh kex session id calculation

Published: 7/24/2025 Last updated: 1/22/2026 Reserved: 7/24/2025

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.7	Medium	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (1)

libssh

Products affected (7)

Product	Vendor	Version
Red Hat Enterprise Linux 8	Red Hat	FastConnect 7800
Red Hat Enterprise Linux 9	Red Hat	< 10.0.20348.1366
Red Hat Enterprise Linux 10	Red Hat	FastConnect 6700
		FastConnect 6200
Red Hat Enterprise Linux 7	Red Hat	FastConnect 6900
Red Hat Enterprise Linux 6	Red Hat	FastConnect 6800
Red Hat OpenShift Container Platform 4	Red Hat	Flight RB5 5G Platform

References (10)

Credits (2)

Red Hat would like to thank Jakub Jelen and Philippe Antoine for reporting this issue.
Red Hat would like to thank Jakub Jelen and Philippe Antoine for reporting this issue.