CVE-2025-8277

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-8277

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8277.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-8277

Downstream

AZL-67092

AZL-67095

BELL-CVE-2025-8277

DEBIAN-CVE-2025-8277

DLA-4385-1

OESA-2025-2342

SUSE-SU-2025:03368-1

SUSE-SU-2025:03369-1

SUSE-SU-2025:20847-1

SUSE-SU-2025:20894-1

SUSE-SU-2025:3787-1

SUSE-SU-2025:3788-1

SUSE-SU-2025:3897-1

SUSE-SU-2026:21396-1

UBUNTU-CVE-2025-8277

USN-8051-1

USN-8051-2

openSUSE-SU-2025:15545-1

openSUSE-SU-2026:20647-1

Related

Published

2025-09-09T12:15:30Z

Modified

2026-05-01T18:44:32.637047536Z

Summary

[none]

Details

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

References

Affected packages