libssh
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*
- >= 0.6.0
A memory exhaustion vulnerability has been identified in the libssh library, specifically in its key exchange (KEX) handling. When an authenticated client repeatedly sends incorrect KEX guesses, libssh allocates new ephemeral key pairs without releasing the old ones. This memory leak can gradually deplete system resources, leading to crashes and instability on the client side, especially when libgcrypt is in use. The issue affects several KEX algorithms and is present in libssh versions 0.6.0 and later.
Exploitation of this vulnerability causes a denial-of-service condition on the client side by exhausting system memory, which can lead to application crashes or instability.
To reproduce this vulnerability, an authenticated client must initiate key exchanges with incorrect first_kex_packet_follows guesses. This can be done by using a libssh version 0.6.0 or later that supports the affected KEX algorithms. The memory leak can be observed by monitoring the application's memory usage, which will gradually increase until it exhausts available system resources.
Users are advised to apply updated libssh packages once available to prevent memory exhaustion risks on client systems.
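The leak pattern described above (a new ephemeral key pair allocated on each restarted key exchange while the previous one is never released), shown next to its corrected form. This is an added C example, not libssh source code: every type and function name is hypothetical, and the allocation counter stands in for watching the process's memory usage.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model only: hypothetical types and functions, not libssh's API. */
struct eph_keypair { unsigned char priv[32]; unsigned char pub[32]; };
struct kex_session { struct eph_keypair *eph; };

static long live_keypairs = 0;   /* key pairs allocated and not yet freed */

static struct eph_keypair *keypair_new(void) {
    struct eph_keypair *kp = calloc(1, sizeof(*kp));
    if (kp != NULL) live_keypairs++;
    return kp;
}

static void keypair_free(struct eph_keypair *kp) {
    if (kp != NULL) { free(kp); live_keypairs--; }
}

/* Leaky pattern: the previous key pair pointer is overwritten, never freed. */
static int kex_restart_leaky(struct kex_session *s) {
    s->eph = keypair_new();
    return s->eph ? 0 : -1;
}

/* Corrected pattern: release the old key pair before replacing it. */
static int kex_restart_fixed(struct kex_session *s) {
    keypair_free(s->eph);
    s->eph = keypair_new();
    return s->eph ? 0 : -1;
}

/* Run `rounds` restarted key exchanges on one session and return how many
 * key pairs are still allocated while the session is open. */
long simulate(int rounds, int fixed) {
    struct kex_session s = { NULL };
    live_keypairs = 0;
    for (int i = 0; i < rounds; i++)
        if ((fixed ? kex_restart_fixed(&s) : kex_restart_leaky(&s)) != 0) break;
    long live = live_keypairs;
    keypair_free(s.eph);         /* session teardown frees only the last one */
    return live;
}

int main(void) {
    printf("leaky: %ld live key pairs\n", simulate(1000, 0));
    printf("fixed: %ld live key pairs\n", simulate(1000, 1));
    return 0;
}
```

In the leaky variant the live count grows by one per restarted exchange, which is the steady memory growth the reproduction note says to watch for; the corrected variant stays at one.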