Source: libssh Version: 0.11.2-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for libssh. CVE-2025-8114[0]: | A flaw was found in libssh, a library that implements the SSH | protocol. When calculating the session ID during the key exchange | (KEX) process, an allocation failure in cryptographic functions may | lead to a NULL pointer dereference. This issue can cause the client | or server to crash. At time of this writing I only have found the main reference as the bugzilla entry from Red Hat. https://www.libssh.org/security/advisories/ did not yet contain an advisory for it. Can you maybe ask back to upstream? If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-8114 https://www.cve.org/CVERecord?id=CVE-2025-8114 [1] https://bugzilla.redhat.com/show_bug.cgi?id=2383220 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
