Severity: 5.9 MEDIUM
EPSS: 60.4% (top 1.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published 2025-02-28; latest update 2025-05-12

Description

A flaw was found in the OpenSSH package. For each SSH2_MSG_PING packet the server receives before the key exchange has completed, it allocates a corresponding PONG reply and appends it to a queue of outgoing packets; the queued replies are only sent and freed once the client/server key exchange finishes. Because key exchange precedes authentication, an unauthenticated client that keeps sending ping packets without ever completing the exchange drives the server's memory consumption up without bound, until the server becomes unavailable and the result is a denial of service. The same queueing logic exists in the OpenSSH client, so a malicious server can exhaust a connecting client in the same way.
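A triage helper for the question this description raises on every host you manage, added here as an example (it is not code from OpenSSH, Qualys, cvebase or any distribution): it parses an SSH server banner or the first field of `ssh -V` / `sshd -V` output and classifies it against the upstream affected range. That range, 9.5p1 through 9.9p1 with the fix in 9.9p2, is taken from the upstream and Qualys advisories rather than from this page's text, and the banners in the block are constructed samples. Distribution builds that backport the fix keep the old upstream version in the banner, so any result carrying a packaging tag is flagged for package-level verification instead of being declared vulnerable.

```python
"""Classify OpenSSH banners for CVE-2025-26466 exposure.

Added example, not tooling from OpenSSH, Qualys or a distribution.
Assumed (from the upstream/Qualys advisories, not from this page):
upstream releases 9.5p1 through 9.9p1 are affected and 9.9p2 is fixed.
SSH2_MSG_PING/PONG handling first shipped in 9.5, so older releases
never allocate the queued pong packets at all.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

Version = Tuple[int, int, int]  # (major, minor, portable patch level)

# A banner without a "pN" suffix (OpenBSD's native build) is compared as
# patch level 1, which places OpenBSD's 9.5..9.9 inside the affected range.
FIRST_AFFECTED: Version = (9, 5, 1)
FIXED_IN: Version = (9, 9, 2)

# Matches a wire banner ("SSH-2.0-OpenSSH_9.9p1 Debian-3") and the first
# field of `ssh -V` / `sshd -V` ("OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL ...").
_BANNER_RE = re.compile(
    r"OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)(?:p(?P<plevel>\d+))?"
    r"(?:[ \t]+(?P<distro>[^\s,]+))?"
)

AFFECTED = "affected"
AFFECTED_VERIFY_PACKAGE = "affected-upstream-verify-package"
NOT_AFFECTED = "not-affected"
FIXED = "fixed"
UNKNOWN = "unknown"


@dataclass(frozen=True)
class Triage:
    version: Optional[Version]
    distro: Optional[str]  # packaging tag after the version, if any
    status: str
    note: str


def parse_openssh_version(banner: str) -> Optional[Tuple[Version, Optional[str]]]:
    """Return ((major, minor, plevel), distro_tag), or None if not OpenSSH."""
    m = _BANNER_RE.search(banner)
    if m is None:
        return None
    version = (int(m["major"]), int(m["minor"]), int(m["plevel"] or 1))
    return version, m["distro"]


def triage_banner(banner: str) -> Triage:
    """Classify one banner line against the upstream affected range."""
    parsed = parse_openssh_version(banner)
    if parsed is None:
        return Triage(None, None, UNKNOWN, "no OpenSSH version string found")
    version, distro = parsed
    if version < FIRST_AFFECTED:
        return Triage(version, distro, NOT_AFFECTED,
                      "predates SSH2_MSG_PING support (introduced in 9.5)")
    if version >= FIXED_IN:
        return Triage(version, distro, FIXED, "9.9p2 or later")
    if distro:
        # Distributions rebuild the same upstream version with the fix
        # backported, so the banner alone cannot prove exposure here.
        return Triage(version, distro, AFFECTED_VERIFY_PACKAGE,
                      "upstream version is inside 9.5p1..9.9p1; compare the "
                      "installed package version with the distribution advisory")
    return Triage(version, distro, AFFECTED,
                  "upstream version is inside 9.5p1..9.9p1 with no packaging tag; "
                  "an in-place patched build keeps this banner too, so confirm on the host")


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "SSH-2.0-OpenSSH_9.9p1 Debian-3",
        "SSH-2.0-OpenSSH_9.9p2",
        "OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13 30 Jan 2024",
        "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10",
        "SSH-2.0-OpenSSH_9.9",
        "SSH-2.0-dropbear_2022.83",
    ]
    for s in samples:
        t = triage_banner(s)
        print(f"{t.status:<36} {s}  ({t.note})")
```

Feed it banners collected with `nc host 22 </dev/null | head -1` or a scanner export; for the `affected-upstream-verify-package` results, the authoritative check is the package version against the distribution advisory (for Debian the page gives `< 1:9.9p2-1+1` as the vulnerable range), not the banner.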

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (2 packages)

Debian: openssh < 1:9.9p2-1+1
NVD: openbsd/openssh, 5 versions (+4)

Also affects: Debian Linux 11.0, 12.0, 13.0; Ubuntu Linux 24.04, 24.10

🔴 Vulnerability Details (4)

GHSA: GHSA-m92w-x6j2-5gc5: A flaw was found in the OpenSSH package (2025-03-01)
CVEList: Openssh: denial-of-service in openssh (2025-02-28)
OSV: CVE-2025-26466: A flaw was found in the OpenSSH package (2025-02-28)
OSV: openssh vulnerabilities (2025-02-18)

📋 Vendor Advisories (8)

Apple: CVE-2025-26466: macOS Sequoia 15.5 (2025-05-12)
Apple: CVE-2025-26466: macOS Sonoma 14.7.6 (2025-05-12)
BSD: FreeBSD-SA-25:05.openssh: Multiple vulnerabilities in OpenSSH (2025-02-21)
Red Hat: openssh: Denial-of-service in OpenSSH (2025-02-18)
Ubuntu: OpenSSH vulnerabilities (2025-02-18)

🕵️ Threat Intelligence (2)

Qualys: Qualys TRU Uncovers OpenSSH Vulnerabilities CVE-2025-26465 & CVE-2025-26466 (2025-02-18)
Qualys: Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 (2025-02-18)