libssh NULL Pointer Dereference Vulnerability in Key Exchange Session ID Calculation

Vulnerability

A NULL pointer dereference vulnerability has been identified in the libssh library, which implements the SSH protocol. This flaw occurs in versions of libssh through 0.11.2, during the key exchange process when the session ID is being calculated. An allocation failure in cryptographic functions can lead to a NULL pointer being dereferenced, causing a crash in the client or server. This vulnerability can be exploited by a local attacker with limited privileges, disrupting services that rely on libssh for secure communication.

Impact

Exploitation of this vulnerability leads to a crash of the SSH client or server, causing a denial-of-service condition. In rare cases, it could allow a local attacker to read or modify memory, potentially leading to unauthorized code execution.

Added: Jul 24, 2025, 5:50 PM

Updated: Jul 24, 2025, 5:50 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

3.8

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

3.8

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libssh NULL Pointer Dereference Vulnerability in Key Exchange Session ID Calculation

Vulnerability

Impact

Affected Products

libssh

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating