Unrated severityNVD Advisory· Published Dec 29, 2014· Updated May 6, 2026

CVE-2014-8132

Description

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

Affected products

Libssh/Libssh9 versions
cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:libssh:libssh:0.6.3:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Fedoraproject/Fedora3 versions
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
OpenSUSE/openSUSE3 versions
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/nvdPatchVendor Advisory
advisories.mageia.org/MGASA-2015-0014.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-updates/2015-01/msg00007.htmlnvdThird Party Advisory
www.debian.org/security/2016/dsa-3488nvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.ubuntu.com/usn/USN-2478-1nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201606-12nvdThird Party Advisory
secunia.com/advisories/60838nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000