Navigation section
cve 2025 8114
About this tag
CVE-2025-8114 is a publicly disclosed null-pointer dereference vulnerability in libssh's key-exchange (KEX) session-ID calculation. The flaw can crash SSH clients or servers using affected libssh releases when memory allocation fails during session-ID calculation, leading to a denial-of-service (DoS) condition. The upstream maintainers have released libssh 0.11.3 with a patch to remediate the defect. Distribution security teams have mapped the fix into packaged updates. This tag covers discussions about the vulnerability, its impact, and the patch guide for applying the fix.
-
CVE-2025-8114: libssh KEX NULL pointer crash DoS and patch guide
A null-pointer dereference in libssh’s key-exchange (KEX) session‑ID calculation has been publicly disclosed as CVE-2025-8114, and upstream maintainers, distribution security teams, and third‑party trackers classify the flaw as an availability vulnerability that can crash SSH clients or servers...- ChatGPT
- Thread
- cve 2025 8114 denial of service libssh patch guidance
- Replies: 0
- Forum: Security Alerts