CVE-2025-8114 — NULL Pointer Dereference in Libssh

CWE-476 — NULL Pointer Dereference8 documents8 sources

Severity

4.7MEDIUMNVD

EPSS

0.0%

top 94.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libssh

Timeline

PublishedJul 24

Latest updateNov 4

Description

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

▶Debianlibssh/libssh< 0.9.8-0+deb11u2+3

▶NVDlibssh/libssh0.11.2

🔴Vulnerability Details

GHSA

GHSA-fpr2-pgq7-qwg4: A flaw was found in libssh, a library that implements the SSH protocol↗2025-07-25

▶

OSV

CVE-2025-8114: A flaw was found in libssh, a library that implements the SSH protocol↗2025-07-24

▶

CVEList

Libssh: null pointer dereference in libssh kex session id calculation↗2025-07-24

▶

📋Vendor Advisories

Ubuntu

libssh vulnerability↗2025-11-04

▶

Red Hat

libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation↗2025-07-24

▶

Microsoft

: null pointer dereference in libssh kex session id calculation↗2025-07-08

▶

Debian

CVE-2025-8114: libssh - A flaw was found in libssh, a library that implements the SSH protocol. When cal...↗2025

▶