Untriaged
Permalink
CVE-2025-8114
4.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
: null pointer dereference in libssh kex session id calculation
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
References
- https://access.redhat.com/security/cve/CVE-2025-8114 x_refsource_REDHAT vdb-entry
- RHBZ#2383220 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8114 x_refsource_REDHAT vdb-entry
- RHBZ#2383220 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8114 x_refsource_REDHAT vdb-entry
- RHBZ#2383220 issue-tracking x_refsource_REDHAT
- https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1…
- https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9
- https://www.libssh.org/security/advisories/CVE-2025-8114.txt
Affected products
rhcos
libssh
- <0.11.3
libssh2
Matching in nixpkgs
pkgs.libssh2
Client-side C library implementing the SSH2 protocol
-
nixos-unstable -
- nixpkgs-unstable 1.11.1
pkgs.haskellPackages.libssh
libssh bindings
-
nixos-unstable -
- nixpkgs-unstable 0.1.0.0
pkgs.python312Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.python313Packages.ansible-pylibssh
Python bindings to client functionality of libssh specific to Ansible use case
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2
Test whether libssh2-1.11.1 exposes pkg-config modules libssh2
-
nixos-unstable -
- nixpkgs-unstable libssh2
Package maintainers
-
@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@geluk Johan Geluk <johan+nix@geluk.io>