{"id":"AZL-66267","summary":"CVE-2025-8114 affecting package libssh for versions less than 0.10.6-5","details":"A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.","modified":"2026-04-21T04:37:49.345734Z","published":"2025-07-24T15:15:27Z","upstream":["CVE-2025-8114"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8114"}],"affected":[{"package":{"name":"libssh","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/libssh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.6-5"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66267.json"}}],"schema_version":"1.7.5"}