libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CLSA-2025-1765985737 libssh: Fix of 2 CVEs

CVE-2025-5351: fix double-free conditions - CVE-2025-8114: fix NULL pointer dereference...

RHEL 10 : libssh (RHSA-2025:23484)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23484 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...

Unity Linux 20.1070e Security Update: libssh (UTSA-2025-991268)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991268 advisory. A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered i...

SUSE SLES12 Security Update : libssh (SUSE-SU-2025:4408-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:4408-1 advisory. - CVE-2025-8114: Fixed a NULL pointer dereference when calculating session ID during KEX. bsc1246974 Tenable has extracted the preceding description...

ALSA-2025:23484 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 For more details about the security issues, including the impact, a CVSS score,...

ALSA-2025:23483 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 For more details about the security issues, including the impact, a CVSS score,...

Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend CVE-2025-5987 For more details about the security issues, including the impact, a CVSS score,...

CVE-2025-8277 affecting package libssh for versions less than 0.10.6-5

CVE-2025-8277 affecting package libssh for versions less than 0.10.6-5. A patched version of the package is available...

CVE-2025-8114 affecting package libssh for versions less than 0.10.6-5

CVE-2025-8114 affecting package libssh for versions less than 0.10.6-5. A patched version of the package is available...

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-8114: Fixed a NULL pointer dereference when calculating session ID during KEX. bsc1246974 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternative...

SUSE-SU-2025:4408-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-8114: Fixed a NULL pointer dereference when calculating session ID during KEX. bsc1246974...

CVE-2025-8114 affecting package libssh for versions less than 0.10.6-5

CVE-2025-8114 affecting package libssh for versions less than 0.10.6-5. A patched version of the package is available...

Security Bulletin: Vulnerability in openssh and libssh libraries (CVE-2023-28709) affects Power HMC

Summary The openssh and libssh libraries are used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process ...

RHSA-2025:23024 Red Hat Security Advisory: libssh security update

Bulletin has no description...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2025-2502)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP13 : libssh (EulerOS-SA-2025-2502)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, an...

EulerOS 2.0 SP13 : libssh (EulerOS-SA-2025-2523)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, an...

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2025-2484)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash...