CVE Catalog

CVE-2025-8277

LowCVSS 3.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

29th percentile — higher than 29% of all known CVEs

Summary

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory, leading to crashes on the client side, particularly when using libgcrypt.

Risk Assessment

This vulnerability can lead to memory exhaustion and application crashes, impacting the stability and availability of services using libssh, especially in memory-constrained environments.

Recommendation

Update libssh to a patched version that fixes memory management during KEX, and monitor memory usage in critical systems.

Original NVD description (English source)

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS