{"id":"CVE-2025-8114","details":"A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.","modified":"2026-05-01T18:44:37.435268832Z","published":"2025-07-24T15:15:27.117Z","related":["CGA-cqj8-q5wg-rjf9","SUSE-SU-2025:03368-1","SUSE-SU-2025:03369-1","SUSE-SU-2025:20847-1","SUSE-SU-2025:20894-1","SUSE-SU-2025:3787-1","SUSE-SU-2025:3788-1","SUSE-SU-2025:4408-1","SUSE-SU-2026:21396-1","openSUSE-SU-2025:15545-1","openSUSE-SU-2026:20647-1"],"references":[{"type":"WEB","url":"https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d"},{"type":"WEB","url":"https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2025-8114"},{"type":"ADVISORY","url":"https://www.libssh.org/security/advisories/CVE-2025-8114.txt"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383220"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/libssh/libssh-mirror","events":[{"introduced":"0"},{"last_affected":"dff6c0821ed54f6fbf5b755af43f54cbb723b1b1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.11.2"}]}}],"versions":["libssh-0.11.0","libssh-0.11.1","libssh-0.11.2","libssh-0.8.0","release-0-3-0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8114.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}