AZL-66267

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66267.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-66267

Upstream

CVE-2025-8114

Published

2025-07-24T15:15:27Z

Modified

2026-04-21T04:37:49.345734Z

Summary

CVE-2025-8114 affecting package libssh for versions less than 0.10.6-5

Details

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-8114

Affected packages

Azure Linux:2 / libssh

Package

Name: libssh
Purl: pkg:rpm/azure-linux/libssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.6-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66267.json"