Source: libssh
Version: 0.11.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc:
[email protected], Debian Security Team <
[email protected]>
Hi,
The following vulnerability was published for libssh.
CVE-2025-8114[0]:
| A flaw was found in libssh, a library that implements the SSH
| protocol. When calculating the session ID during the key exchange
| (KEX) process, an allocation failure in cryptographic functions may
| lead to a NULL pointer dereference. This issue can cause the client
| or server to crash.
At time of this writing I only have found the main reference as the
bugzilla entry from Red Hat.
https://www.libssh.org/security/advisories/ did not yet contain an
advisory for it. Can you maybe ask back to upstream?
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0]
https://security-tracker.debian.org/tracker/CVE-2025-8114
https://www.cve.org/CVERecord?id=CVE-2025-8114
[1]
https://bugzilla.redhat.com/show_bug.cgi?id=2383220
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)