CVSS: 4.7 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2025-8114 – Libssh: null pointer dereference in libssh kex session id calculation
https://notcve.org/view.php?id=CVE-2025-8114
24 Jul 2025 — A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. • https://access.redhat.com/security/cve/CVE-2025-8114 • CWE-476: NULL Pointer Dereference

CVSS: 6.8 • EPSS: 0% • CPEs: 7 • EXPL: 0
CVE-2025-5449 – Libssh: integer overflow in libssh sftp server packet length validation leading to denial of service
https://notcve.org/view.php?id=CVE-2025-5449
05 Jul 2025 — A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2025-5449 • CWE-190: Integer Overflow or Wraparound

CVSS: 8.1 • EPSS: 0% • CPEs: 13 • EXPL: 0
CVE-2025-5987 – Libssh: invalid return code for chacha20 poly1305 with openssl backend
https://notcve.org/view.php?id=CVE-2025-5987
05 Jul 2025 — A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes. Ro... • https://access.redhat.com/security/cve/CVE-2025-5987 • CWE-393: Return of Wrong Status Code

CVSS: 4.2 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-5351 – Libssh: double free vulnerability in libssh key export functions
https://notcve.org/view.php?id=CVE-2025-5351
04 Jul 2025 — A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.... • https://access.redhat.com/security/cve/CVE-2025-5351 • CWE-415: Double Free

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-5372 – Libssh: incorrect return code handling in ssh_kdf() in libssh
https://notcve.org/view.php?id=CVE-2025-5372
04 Jul 2025 — A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values (OpenSSL uses 0 to indicate failure, while libssh uses 0 for success), the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, in... • https://access.redhat.com/security/cve/CVE-2025-5372 • CWE-682: Incorrect Calculation

CVSS: 8.5 • EPSS: 0% • CPEs: 42 • EXPL: 0
CVE-2025-5318 – Libssh: out-of-bounds read in sftp_handle()
https://notcve.org/view.php?id=CVE-2025-5318
24 Jun 2025 — A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affecting service behavior. A flaw was found in the libssh library in versions less than... • https://access.redhat.com/security/cve/CVE-2025-5318 • CWE-125: Out-of-bounds Read

CVSS: 4.8 • EPSS: 0% • CPEs: 5 • EXPL: 0
CVE-2023-6004 – Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
https://notcve.org/view.php?id=CVE-2023-6004
28 Dec 2023 — A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. • https://access.redhat.com/errata/RHSA-2024:2504 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 9.3 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2023-6918 – Libssh: missing checks for return values for digests
https://notcve.org/view.php?id=CVE-2023-6918
18 Dec 2023 — A flaw was found in libssh's abstraction layer for message digest (MD) operations, which are implemented by the different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or use of uninitialized memory as input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. • https://access.redhat.com/errata/RHSA-2024:2504 • CWE-252: Unchecked Return Value

CVSS: 9.8 • EPSS: 57% • CPEs: 79 • EXPL: 5
CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information • CWE-354: Improper Validation of Integrity Check Value

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2023-3603 – Processing sftp server read may cause null dereference
https://notcve.org/view.php?id=CVE-2023-3603
21 Jul 2023 — A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security rel... • https://access.redhat.com/security/cve/CVE-2023-3603 • CWE-476: NULL Pointer Dereference
