CVE-2025-26466
⚪ For information
Increased memory consumption in OpenSSH can lead to a denial-of-service attack.
CVSS: 5.9
EPSS: 38.5%
Exploit: none
Vendor: openbsd
Source description (NVD)
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
dos
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 5.9 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (probability of exploitation) | 38.5% |
| Published (NVD) | 2025-02-28 22:15:40 UTC |
| Last modified (NVD) | 2026-06-25 05:16:39 UTC |
References
- https://access.redhat.com/security/cve/CVE-2025-26466 (secalert@redhat.com) [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=2345043 (secalert@redhat.com) [Issue Tracking]
- https://seclists.org/oss-sec/2025/q1/144 (secalert@redhat.com)
- https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt (secalert@redhat.com) [Third Party Advisory]
- http://seclists.org/fulldisclosure/2025/Feb/18 (af854a3a-2127-422b-91ae-364da2661108)
- http://seclists.org/fulldisclosure/2025/May/7 (af854a3a-2127-422b-91ae-364da2661108)
- http://seclists.org/fulldisclosure/2025/May/8 (af854a3a-2127-422b-91ae-364da2661108)
- https://bugzilla.suse.com/show_bug.cgi?id=1237041 (af854a3a-2127-422b-91ae-364da2661108) [Third Party Advisory]
- https://security-tracker.debian.org/tracker/CVE-2025-26466 (af854a3a-2127-422b-91ae-364da2661108) [Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20250228-0002/ (af854a3a-2127-422b-91ae-364da2661108) [Third Party Advisory]
- https://ubuntu.com/security/CVE-2025-26466 (af854a3a-2127-422b-91ae-364da2661108) [Third Party Advisory]
- https://www.openwall.com/lists/oss-security/2025/02/18/1 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List, Third Party Advisory]
- https://www.openwall.com/lists/oss-security/2025/02/18/4 (af854a3a-2127-422b-91ae-364da2661108) [Mailing List, Third Party Advisory]
- https://www.vicarius.io/vsociety/posts/cve-2025-26466-detection-script-memory-consumption-vulnerability-in-openssh (af854a3a-2127-422b-91ae-364da2661108)
- https://www.vicarius.io/vsociety/posts/cve-2025-26466-mitigation-script-memory-consumption-vulnerability-in-openssh (af854a3a-2127-422b-91ae-364da2661108)