High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2025-22869
HighVulnerability Description
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Known Affected Software
34 configuration(s) from 1 vendor(s)
cpe:2.3:a:go:ssh:0.34.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.29.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.24.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.31.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.33.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.25.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.10.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.9.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.17.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.21.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.11.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.27.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.8.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.16.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.15.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.13.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.22.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.1.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.18.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.23.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.12.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.28.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.2.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.4.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.6.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.19.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.3.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.30.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.32.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.14.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.5.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.7.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.20.0:*:*:*:*:go:*:*
cpe:2.3:a:go:ssh:0.26.0:*:*:*:*:go:*:*
CPUAPR2026
Oracle Critical Patch Update Advisory - April 2026
2025-Feb-CVE-2025-22869
CVE-2025-22869: Potential denial of service in golang.org/x/crypto
2025-Mar-CVE-2025-22869
CVE-2025-22869: None
CVE-2025-22869
CVE-2025-22869
References & Resources
-
https://go.dev/cl/652135security@golang.org Patch
-
https://go.dev/issue/71931security@golang.org Issue Tracking Patch
-
https://pkg.go.dev/vuln/GO-2025-3487security@golang.org Vendor Advisory
-
https://security.netapp.com/advisory/ntap-20250411-0010/af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
Weakness Type (CWE)
Allocation of Resources Without Limits or Throttling
- Description
- The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
- Exploit Likelihood
- High
- Typical Severity
- Medium
- Abstraction Level
- Base
Key Information
- Published Date
- February 26, 2025
