: null pointer dereference in libssh kex session id calculation

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title : null pointer dereference in libssh kex session id calculation
Type cve
Published 2025-07-24T14:14:47.745Z
Modified 2025-07-24T14:14:47.745Z

Product Information

Vendor Red Hat
Product Red Hat Enterprise Linux 10

CVSS Information

Base Score 4.7 (MEDIUM)
Attack Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Analysis

AI Description A null pointer dereference flaw in libssh during key exchange can cause client or server crashes due to allocation failures in cryptographic functions.
AI Severity Medium
AI Vendor Red Hat
AI Product libssh

Additional Information

CWE List CWE-476
Source redhat

Description

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.