Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. It is strongly advised to apply updated libssh packages once available to prevent memory exhaustion risks on client systems.
Wed, 10 Sep 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Tue, 09 Sep 2025 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 09 Sep 2025 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability. | |
Title | Libssh: memory exhaustion via repeated key exchange in libssh | |
First Time appeared |
Redhat
Redhat enterprise Linux Redhat openshift |
|
Weaknesses | CWE-401 | |
CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux Redhat openshift |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-09-29T14:04:12.226Z
Reserved: 2025-07-28T11:02:27.938Z
Link: CVE-2025-8277

Updated: 2025-09-09T19:28:21.032Z

Status : Awaiting Analysis
Published: 2025-09-09T12:15:30.677
Modified: 2025-09-09T16:28:43.660
Link: CVE-2025-8277


No data.