Overview

File _patchinfo of Package patchinfo.40696

<patchinfo incident="40696">
  <issue tracker="cve" id="2025-8114"/>
  <issue tracker="cve" id="2025-8277"/>
  <issue tracker="bnc" id="1246974">VUL-0: CVE-2025-8114: libssh: improper handling of allocation errors leads to NULL pointer dereference when calculating the session ID during the key exchange (KEX) process</issue>
  <issue tracker="bnc" id="1249375">VUL-0: CVE-2025-8277: libssh,libssh2_org: Memory Exhaustion via Repeated Key Exchange</issue>
  <packager>pmonrealgonzalez</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libssh</summary>
  <description>This update for libssh fixes the following issues:

- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
  repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
  (bsc#1246974).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places