CVE-2025-26466
Severity (CVSS v4.0): Pending analysis
Type: Unavailable / Other
Publication date: 28/02/2025
Last modified: 10/02/2026
Description
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets. That queue is only freed once the server/client key exchange has finished. A malicious client may keep sending such ping packets, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service.
Impact
CVSS v3.x base score: 5.90
CVSS v3.x severity: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openbsd:openssh:9.5:p1:*:*:*:*:*:* | | |
| cpe:2.3:a:openbsd:openssh:9.6:-:*:*:*:*:*:* | | |
| cpe:2.3:a:openbsd:openssh:9.6:p1:*:*:*:*:*:* | | |
| cpe:2.3:a:openbsd:openssh:9.7:-:*:*:*:*:*:* | | |
| cpe:2.3:a:openbsd:openssh:9.7:p1:*:*:*:*:*:* | | |
| cpe:2.3:a:openbsd:openssh:9.8:-:*:*:*:*:*:* | | |
| cpe:2.3:a:openbsd:openssh:9.8:p1:*:*:*:*:*:* | | |
| cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:* | | |
| cpe:2.3:a:openbsd:openssh:9.9:p1:*:*:*:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:* | | |
| cpe:2.3:o:canonical:ubuntu_linux:24.10:*:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://access.redhat.com/security/cve/CVE-2025-26466
- https://bugzilla.redhat.com/show_bug.cgi?id=2345043
- https://seclists.org/oss-sec/2025/q1/144
- https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
- http://seclists.org/fulldisclosure/2025/Feb/18
- http://seclists.org/fulldisclosure/2025/May/7
- http://seclists.org/fulldisclosure/2025/May/8
- https://bugzilla.suse.com/show_bug.cgi?id=1237041
- https://security-tracker.debian.org/tracker/CVE-2025-26466
- https://security.netapp.com/advisory/ntap-20250228-0002/
- https://ubuntu.com/security/CVE-2025-26466
- https://www.openwall.com/lists/oss-security/2025/02/18/1
- https://www.openwall.com/lists/oss-security/2025/02/18/4
- https://www.vicarius.io/vsociety/posts/cve-2025-26466-detection-script-memory-consumption-vulnerability-in-openssh
- https://www.vicarius.io/vsociety/posts/cve-2025-26466-mitigation-script-memory-consumption-vulnerability-in-openssh