#VU115175 Memory leak in libssh - CVE-2025-8277
Vulnerability identifier: #VU115175
Vulnerability risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
libssh
Universal components / Libraries /
Libraries used by multiple products
Vendor: libssh
Description
The vulnerability allows a remote user to perform DoS attack on the target system.
The vulnerability exists due memory leak when handling key exchange (KEX) processes if a client repeatedly sends incorrect KEX guesses. A remote user can force the application to leak memory and perform denial of service attack.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
libssh: All versions
External links
https://access.redhat.com/security/cve/CVE-2025-8277
https://bugzilla.redhat.com/show_bug.cgi?id=2383888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
