What is GHSA-39mw-228p-wr6v?

GHSA-39mw-228p-wr6v is a security advisory published by GitHub Security Advisories with Low severity. A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly...

Which CVE IDs does GHSA-39mw-228p-wr6v cover?

GHSA-39mw-228p-wr6v covers the following CVE IDs: CVE-2025-8277. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-39mw-228p-wr6v?

GHSA-39mw-228p-wr6v has a CVSS v3 base score of 3.1, published by GitHub Security Advisories.

GHSA-39mw-228p-wr6vLowCVSS 3.1

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly...

Vendor

GitHub Security Advisories

Published

September 9, 2025

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2025-8277 →

📋 Description

A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2025-8277
https://access.redhat.com/security/cve/CVE-2025-8277
https://bugzilla.redhat.com/show_bug.cgi?id=2383888
https://www.libssh.org/security/advisories/CVE-2025-8277.txt
https://access.redhat.com/errata/RHSA-2026:18683
https://github.com/advisories/GHSA-39mw-228p-wr6v