Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-26466

Опубликовано: 28 фев. 2025
Источник: nvd
CVSS3: 5.9
EPSS Средний

Описание

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openbsd:openssh:9.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:9.9:p1:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:24.10:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 97%
0.42381
Средний

5.9 Medium

CVSS3

Дефекты

CWE-770
CWE-770

Связанные уязвимости

ubuntu логотип

CVE-2025-26466

CVSS3: 5.9
ubuntu
6 месяцев назад

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

redhat логотип

CVE-2025-26466

CVSS3: 5.9
redhat
6 месяцев назад

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

msrc логотип

CVE-2025-26466

CVSS3: 5.9
msrc
6 месяцев назад

Описание отсутствует

debian логотип

CVE-2025-26466

CVSS3: 5.9
debian
6 месяцев назад

A flaw was found in the OpenSSH package. For each ping packet the SSH ...

github логотип

GHSA-m92w-x6j2-5gc5

CVSS3: 5.9
github
6 месяцев назад

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

EPSS

Процентиль: 97%
0.42381
Средний

5.9 Medium

CVSS3

Дефекты

CWE-770
CWE-770