CVE-2025-8114

Libssh: null pointer dereference in libssh kex session id calculation

Published: 7/24/2025 Last updated: 11/17/2025 Reserved: 7/24/2025

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	4.7	Medium	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (1)

libssh

Products affected (11)

Product	Vendor	Version
Red Hat Enterprise Linux 10	Red Hat	n/a
		<= 6.1.03.05
Red Hat Enterprise Linux 10	Red Hat	< 10.0.17763.4252
Red Hat Enterprise Linux 8	Red Hat	< 10.0.17763.4252
Red Hat Enterprise Linux 9	Red Hat	<= 11.0.0.25
Red Hat Enterprise Linux 8	Red Hat	n/a
Red Hat Enterprise Linux 9	Red Hat	1.0.0 to 21.0.7
Red Hat Enterprise Linux 7	Red Hat	n/a
Red Hat Enterprise Linux 6	Red Hat	n/a
Red Hat Enterprise Linux 7	Red Hat	Android-13
Red Hat OpenShift Container Platform 4	Red Hat	n/a

References (10)

Credits (2)

Red Hat would like to thank Jakub Jelen and Philippe Antoine for reporting this issue.
Red Hat would like to thank Jakub Jelen and Philippe Antoine for reporting this issue.