CVE-2025-8277
LowCVSS 3.1Exploitation Probability (EPSS)
Low risk29th percentile — higher than 29% of all known CVEs
Summary
A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory, leading to crashes on the client side, particularly when using libgcrypt.
Risk Assessment
This vulnerability can lead to memory exhaustion and application crashes, impacting the stability and availability of services using libssh, especially in memory-constrained environments.
Recommendation
Update libssh to a patched version that fixes memory management during KEX, and monitor memory usage in critical systems.
Original NVD description (English source)
A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

