First published: Tue Feb 11 2025(Updated: )
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
OpenSSH | =9.5-p1 | |
OpenSSH | =9.6 | |
OpenSSH | =9.6-p1 | |
OpenSSH | =9.7 | |
OpenSSH | =9.7-p1 | |
OpenSSH | =9.8 | |
OpenSSH | =9.8-p1 | |
OpenSSH | =9.9 | |
OpenSSH | =9.9-p1 | |
Ubuntu | =24.04 | |
Ubuntu | =24.10 | |
Debian | =11.0 | |
Debian | =12.0 | |
Debian | =13.0 | |
debian/openssh | 1:8.4p1-5+deb11u3 1:8.4p1-5+deb11u4 1:9.2p1-2+deb12u5 1:9.9p2-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-26466 is classified as a Denial of Service vulnerability due to asymmetric resource consumption affecting memory and CPU.
To mitigate CVE-2025-26466, update to versions 1:9.9p1-3 or later of the OpenSSH package.
CVE-2025-26466 affects OpenSSH versions up to and including 1:9.9p1-3.
Yes, CVE-2025-26466 can be exploited remotely, leading to resource exhaustion on the server.
The potential impacts of CVE-2025-26466 include service disruption due to excessive consumption of server resources.