CVE-2025-8114

Libssh: null pointer dereference in libssh kex session id calculation

Published: 7/24/2025 Last updated: 5/19/2026 Reserved: 7/24/2025

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.7	Medium	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (1)

libssh

Products affected (16)

Product	Vendor	Version
		n/a
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	n/a
Red Hat Enterprise Linux 10	Red Hat	n/a
Red Hat Enterprise Linux 8	Red Hat	7 for x64-based Systems Service Pack 1
		< publication
Red Hat Enterprise Linux 9	Red Hat	< publication
Red Hat Enterprise Linux 9	Red Hat	< publication
Red Hat Enterprise Linux 10	Red Hat	< publication
Red Hat Enterprise Linux 8	Red Hat	< publication
Red Hat Enterprise Linux 6	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	7 for 32-bit Systems Service Pack 1
Red Hat Enterprise Linux 7	Red Hat	< publication
Red Hat Enterprise Linux 6	Red Hat	< publication
Red Hat OpenShift Container Platform 4	Red Hat	8.1 for 32-bit systems
Red Hat OpenShift Container Platform 4	Red Hat	< publication

References (12)

Credits (2)

Red Hat would like to thank Jakub Jelen and Philippe Antoine for reporting this issue.
Red Hat would like to thank Jakub Jelen and Philippe Antoine for reporting this issue.