CVE-2025-8277
3.1 LOWA flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses
Published: 2025-09-09 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 3.1 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
- CWE
- CWE-401
Description
A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53464 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.0 MEDIUM)
- CVE-2026-46679 — libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)
- CVE-2026-45682 — OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard (5.1 MEDIUM)
- CVE-2026-47326 — Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications (5.5 MEDIUM)
- CVE-2026-46228 — In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces ... (5.5 MEDIUM)