NULL Pointer Dereference vulnerability in the session ID calculation logic of the libssh library. The flaw arises from improper handling of allocation errors during cryptographic operations in the key exchange (KEX) phase. If a memory allocation fails, the resulting NULL pointer may be dereferenced, leading to a crash in both SSH clients and servers. This vulnerability can be exploited by a local attacker with limited privileges and no user interaction, potentially disrupting services that rely on libssh for secure communication.The issue affects libssh versions up to and including 0.11.2.