A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
Metrics
Affected Vendors & Products
References
History
Tue, 29 Jul 2025 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 24 Jul 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 24 Jul 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. | |
Title | : null pointer dereference in libssh kex session id calculation | |
First Time appeared |
Redhat
Redhat enterprise Linux Redhat openshift |
|
Weaknesses | CWE-476 | |
CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux Redhat openshift |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published: 2025-07-24T14:14:47.745Z
Updated: 2025-07-24T15:32:08.957Z
Reserved: 2025-07-24T12:27:58.843Z
Link: CVE-2025-8114

Updated: 2025-07-24T15:32:06.298Z

Status : Awaiting Analysis
Published: 2025-07-24T15:15:27.117
Modified: 2025-07-25T15:29:19.837
Link: CVE-2025-8114
