A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
History

Tue, 29 Jul 2025 12:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Thu, 24 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 24 Jul 2025 14:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
Title : null pointer dereference in libssh kex session id calculation
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-476
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-07-24T14:14:47.745Z

Updated: 2025-07-24T15:32:08.957Z

Reserved: 2025-07-24T12:27:58.843Z

Link: CVE-2025-8114

cve-icon Vulnrichment

Updated: 2025-07-24T15:32:06.298Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-24T15:15:27.117

Modified: 2025-07-25T15:29:19.837

Link: CVE-2025-8114

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-07-24T00:00:00Z

Links: CVE-2025-8114 - Bugzilla