CVE-2025-8277

Libssh: memory exhaustion via repeated key exchange in libssh

CVSS 3.1 LOWEPSS 0.4%CWE-401

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected products

libsshRed Hat · Red Hat Enterprise Linux 10 Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat In-Vehicle Operating System 1 Red Hat · Red Hat OpenShift Container Platform 4

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2026:18683 https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.libssh.org/security/advisories/CVE-2025-8277.txt