Bug 2383220 (CVE-2025-8114)

Summary: CVE-2025-8114 libssh: NULL Pointer Dereference in libssh KEX Session ID Calculation
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abhraj, adudiak, kshier, omaciel, stcannon, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed: Yes
Bug Depends On: 2383236, 2383237, 2394054    
Bug Blocks:    

Description OSIDB Bzimport 2025-07-24 12:41:16 UTC 
NULL Pointer Dereference vulnerability in the session ID calculation logic of the libssh library. The flaw arises from improper handling of allocation errors during cryptographic operations in the key exchange (KEX) phase. If a memory allocation fails, the resulting NULL pointer may be dereferenced, leading to a crash in both SSH clients and servers. This vulnerability can be exploited by a local attacker with limited privileges and no user interaction, potentially disrupting services that rely on libssh for secure communication.The issue affects libssh versions up to and including 0.11.2.
Comment 1 Avinash Hanwate 2025-07-25 10:32:03 UTC 
.