CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

CVSS v3.0 5.9 MEDIUM

5.9^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-26466	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2345043	Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1237041	Third Party Advisory
https://seclists.org/oss-sec/2025/q1/144
https://security.netapp.com/advisory/ntap-20250228-0002/	Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2025-26466	Third Party Advisory
https://ubuntu.com/security/CVE-2025-26466	Third Party Advisory
https://www.openwall.com/lists/oss-security/2025/02/18/1	Mailing List Third Party Advisory
https://www.openwall.com/lists/oss-security/2025/02/18/4	Mailing List Third Party Advisory
https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt	Third Party Advisory
https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openbsd:openssh:9.8:-::::::
	cpe:2.3:a:openbsd:openssh:9.9:-::::::
	cpe:2.3:a:openbsd:openssh:9.9:p1::::::
	cpe:2.3:a:openbsd:openssh:9.5:p1::::::
	cpe:2.3:a:openbsd:openssh:9.6:-::::::
	cpe:2.3:a:openbsd:openssh:9.6:p1::::::
	cpe:2.3:a:openbsd:openssh:9.7:-::::::
	cpe:2.3:a:openbsd:openssh:9.7:p1::::::
	cpe:2.3:a:openbsd:openssh:9.8:p1::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:24.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:24.10:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*
	cpe:2.3:o:debian:debian_linux:13.0:::::::*

History

27 May 2025, 16:15

Type	Values Removed	Values Added
References		() https://seclists.org/oss-sec/2025/q1/144 -
CWE	~~CWE-770~~

10 Apr 2025, 19:03

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9

21 Mar 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-770

05 Mar 2025, 14:05

Type	Values Removed	Values Added
CPE		cpe:2.3:a:openbsd:openssh:9.7:p1:::::: cpe:2.3:a:openbsd:openssh:9.8:-:::::: cpe:2.3:a:openbsd:openssh:9.8:p1:::::: cpe:2.3:a:openbsd:openssh:9.9:-:::::: cpe:2.3:a:openbsd:openssh:9.9:p1:::::: cpe:2.3:a:openbsd:openssh:9.6:-:::::: cpe:2.3:a:openbsd:openssh:9.6:p1:::::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:24.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:24.04::::lts::: cpe:2.3:o:debian:debian_linux:13.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:a:openbsd:openssh:9.7:-:::::: cpe:2.3:a:openbsd:openssh:9.5:p1::::::
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2345043 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2345043 - Issue Tracking
References	~~() https://www.openwall.com/lists/oss-security/2025/02/18/4 -~~	() https://www.openwall.com/lists/oss-security/2025/02/18/4 - Mailing List, Third Party Advisory
References	~~() https://ubuntu.com/security/CVE-2025-26466 -~~	() https://ubuntu.com/security/CVE-2025-26466 - Third Party Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2025-26466 -~~	() https://access.redhat.com/security/cve/CVE-2025-26466 - Third Party Advisory
References	~~() https://bugzilla.suse.com/show_bug.cgi?id=1237041 -~~	() https://bugzilla.suse.com/show_bug.cgi?id=1237041 - Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20250228-0002/ -~~	() https://security.netapp.com/advisory/ntap-20250228-0002/ - Third Party Advisory
References	~~() https://www.openwall.com/lists/oss-security/2025/02/18/1 -~~	() https://www.openwall.com/lists/oss-security/2025/02/18/1 - Mailing List, Third Party Advisory
References	~~() https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt -~~	() https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt - Third Party Advisory
References	~~() https://security-tracker.debian.org/tracker/CVE-2025-26466 -~~	() https://security-tracker.debian.org/tracker/CVE-2025-26466 - Third Party Advisory
First Time		Openbsd openssh Canonical ubuntu Linux Openbsd Debian debian Linux Debian Canonical

05 Mar 2025, 04:15

Type	Values Removed	Values Added
References		() https://www.openwall.com/lists/oss-security/2025/02/18/4 - () https://ubuntu.com/security/CVE-2025-26466 - () https://bugzilla.suse.com/show_bug.cgi?id=1237041 - () https://www.openwall.com/lists/oss-security/2025/02/18/1 - () https://security-tracker.debian.org/tracker/CVE-2025-26466 -

04 Mar 2025, 20:15

Type	Values Removed	Values Added
CWE	~~CWE-400~~
CVSS	v2 : ~~unknown~~ v3 : ~~5.9~~	v2 : unknown v3 : unknown

28 Feb 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-28 22:15

Updated : 2025-05-27 16:15

NVD link : CVE-2025-26466

Mitre link : CVE-2025-26466

JSON object : View

Products Affected

canonical

ubuntu_linux

openbsd

openssh

debian

debian_linux

CWE

No CWE.

5.9 /10