A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libssh | Libssh | * | 0.11.2 (including) |
| Libssh | Ubuntu | esm-infra/bionic | * |
| Libssh | Ubuntu | esm-infra/focal | * |
| Libssh | Ubuntu | esm-infra/xenial | * |
| Libssh | Ubuntu | jammy | * |
| Libssh | Ubuntu | noble | * |
| Libssh | Ubuntu | plucky | * |
| Libssh | Ubuntu | questing | * |
| Libssh | Ubuntu | upstream | * |
Potential Mitigations
References
- https://access.redhat.com/security/cve/CVE-2025-8114
- https://bugzilla.redhat.com/show_bug.cgi?id=2383220
- https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d
- https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9
- https://www.libssh.org/security/advisories/CVE-2025-8114.txt