CVE-2025-8277

Libssh: memory exhaustion via repeated key exchange in libssh

CVSS 3.1 LOWEPSS 0.4%CWE-401

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Productos afectados

libsshRed Hat · Red Hat Enterprise Linux 10 Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat OpenShift Container Platform 4

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHSA-2026:18683 https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.libssh.org/security/advisories/CVE-2025-8277.txt