Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2025-8277

3.1 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

created 6 months, 1 week ago

Libssh: memory exhaustion via repeated key exchange in libssh

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

References

https://access.redhat.com/security/cve/CVE-2025-8277 x_refsource_REDHAT vdb-entry
RHBZ#2383888 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-8277 x_refsource_REDHAT vdb-entry
RHBZ#2383888 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-8277 x_refsource_REDHAT vdb-entry
RHBZ#2383888 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-8277 x_refsource_REDHAT vdb-entry
RHBZ#2383888 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-8277 x_refsource_REDHAT vdb-entry
RHBZ#2383888 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-8277 x_refsource_REDHAT vdb-entry
RHBZ#2383888 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-8277 x_refsource_REDHAT vdb-entry
RHBZ#2383888 issue-tracking x_refsource_REDHAT

Affected products

rhcos

libssh

<0.11.3
<0.11.4

libssh2

Matching in nixpkgs

pkgs.libssh

SSH client library

nixos-unstable -
- nixpkgs-unstable 0.11.2

pkgs.libssh2

Client-side C library implementing the SSH2 protocol

nixos-unstable -
- nixpkgs-unstable 1.11.1

pkgs.haskellPackages.libssh

libssh bindings

nixos-unstable -
- nixpkgs-unstable 0.1.0.0

pkgs.python312Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

nixos-unstable -
- nixpkgs-unstable 1.2.2

pkgs.python313Packages.ansible-pylibssh

Python bindings to client functionality of libssh specific to Ansible use case

nixos-unstable -
- nixpkgs-unstable 1.2.2

pkgs.tests.pkg-config.defaultPkgConfigPackages.libssh2

Test whether libssh2-1.11.1 exposes pkg-config modules libssh2

nixos-unstable -
- nixpkgs-unstable libssh2

Package maintainers

@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@geluk Johan Geluk <johan+nix@geluk.io>