Libssh · Libssh · CVE-2025-8277
Name of the Vulnerable Software and Affected Versions:
libssh (affected versions not specified)
Description:
A memory exhaustion issue exists in libssh’s handling of key exchange (KEX) processes. When a client repeatedly sends incorrect KEX guesses, the library fails to free memory during rekey operations, potentially leading to system memory exhaustion and client-side crashes, particularly when using libgcrypt.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.