CVE-2025-8114

{"id": "CVE-2025-8114", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2025-07-24T15:15:27.117", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-8114", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383220", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d", "source": "secalert@redhat.com"}, {"url": "https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9", "source": "secalert@redhat.com"}, {"url": "https://www.libssh.org/security/advisories/CVE-2025-8114.txt", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en libssh, una librer\u00eda que implementa el protocolo SSH. Al calcular el ID de sesi\u00f3n durante el proceso de intercambio de claves (KEX), un fallo de asignaci\u00f3n en las funciones criptogr\u00e1ficas puede provocar una desreferencia de puntero nulo. Este problema puede provocar el bloqueo del cliente o del servidor."}], "lastModified": "2025-11-17T21:15:58.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2936209-B5E8-4C55-ABEE-2CD028C91B8F", "versionEndIncluding": "0.11.2"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}