Source: libssh
Version: 0.11.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 0.10.6-0+deb12u1
Control: found -1 0.9.8-0+deb11u1

Hi,

The following vulnerability was published for libssh.

CVE-2025-8277[0]:
| A flaw was found in libssh's handling of key exchange (KEX)
| processes when a client repeatedly sends incorrect KEX guesses. The
| library fails to free memory during these rekey operations, which
| can gradually exhaust system memory. This issue can lead to crashes
| on the client side, particularly when using libgcrypt, which impacts
| application stability and availability.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-8277
    https://www.cve.org/CVERecord?id=CVE-2025-8277
[1] https://www.libssh.org/security/advisories/CVE-2025-8277.txt

Regards,
Salvatore

