CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

Published: Feb 28, 2025
Updated: May 4, 2025
CVE: CVE-2025-26466
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-770

Affected Software
References

Software	From	Fixed in
openbsd / openssh	9.8	9.8.x
openbsd / openssh	9.9	9.9.x
openbsd / openssh	9.9-p1	9.9-p1.x
openbsd / openssh	9.5-p1	9.5-p1.x
openbsd / openssh	9.6	9.6.x
openbsd / openssh	9.6-p1	9.6-p1.x
openbsd / openssh	9.7	9.7.x
openbsd / openssh	9.7-p1	9.7-p1.x
openbsd / openssh	9.8-p1	9.8-p1.x
canonical / ubuntu_linux	24.04	24.04.x
canonical / ubuntu_linux	24.10	24.10.x
debian / debian_linux	11.0	11.0.x
debian / debian_linux	12.0	12.0.x
debian / debian_linux	13.0	13.0.x

Vulnerability Database

289,598

CVE-2025-26466