CVE-2025-26466
MediumVulnerability Description
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Known Affected Software
10 configuration(s) from 3 vendor(s)
cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:24.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.5:-:*:*:*:*:*:*
2025-Feb-CVE-2025-26466
CVE-2025-26466: Openssh: denial-of-service in openssh
2025-Mar-CVE-2025-26466
CVE-2025-26466: None
CPUAPR2025
Oracle Critical Patch Update Advisory - April 2025
CVE-2025-26466
CVE-2025-26466
References & Resources
-
https://access.redhat.com/security/cve/CVE-2025-26466secalert@redhat.com Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=2345043secalert@redhat.com Issue Tracking
-
https://seclists.org/oss-sec/2025/q1/144secalert@redhat.com
-
https://www.qualys.com/2025/02/18/openssh-mitm-dos.txtsecalert@redhat.com Third Party Advisory
-
http://seclists.org/fulldisclosure/2025/Feb/18af854a3a-2127-422b-91ae-364da2661108
-
http://seclists.org/fulldisclosure/2025/May/7af854a3a-2127-422b-91ae-364da2661108
-
http://seclists.org/fulldisclosure/2025/May/8af854a3a-2127-422b-91ae-364da2661108
-
https://bugzilla.suse.com/show_bug.cgi?id=1237041af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://security-tracker.debian.org/tracker/CVE-2025-26466af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20250228-0002/af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://ubuntu.com/security/CVE-2025-26466af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://www.openwall.com/lists/oss-security/2025/02/18/1af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://www.openwall.com/lists/oss-security/2025/02/18/4af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://www.vicarius.io/vsociety/posts/cve-2025-26466-detection-script-memory-consumption-vulnerability-in-opensshaf854a3a-2127-422b-91ae-364da2661108
-
https://www.vicarius.io/vsociety/posts/cve-2025-26466-mitigation-script-memory-consumption-vulnerability-in-opensshaf854a3a-2127-422b-91ae-364da2661108
-
https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt134c704f-9b21-4f2e-91b3-4a467353bcc0 Third Party Advisory
Severity Details
Weakness Type (CWE)
Allocation of Resources Without Limits or Throttling
- Description
- The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
- Exploit Likelihood
- High
- Typical Severity
- Medium
- Abstraction Level
- Base
Key Information
- Published Date
- February 28, 2025
