CVE-2025-8277

Libssh: memory exhaustion via repeated key exchange in libssh

CVSS 3.1 LOWEPSS 0.4%CWE-401

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 3.1EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

09 sep 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Productos afectados

libsshRed Hat · Red Hat Enterprise Linux 10 Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9 Red Hat · Red Hat In-Vehicle Operating System 1 Red Hat · Red Hat OpenShift Container Platform 4

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHSA-2026:18683 https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.libssh.org/security/advisories/CVE-2025-8277.txt