AZL-67092

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67092.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-67092

Upstream

CVE-2025-8277

Published

2025-09-09T12:15:30Z

Modified

2026-04-21T04:38:04.363089Z

Summary

CVE-2025-8277 affecting package libssh for versions less than 0.10.6-5

Details

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-8277

Affected packages

Azure Linux:2 / libssh

Package

Name: libssh
Purl: pkg:rpm/azure-linux/libssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.6-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67092.json"