N/A - CVE-2025-26466

Executive Summary

Informations
Name	CVE-2025-26466	First vendor Publication	2025-02-28
Vendor	Cve	Last vendor Modification	2025-03-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26466

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-770	Allocation of Resources Without Limits or Throttling

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openbsd Openssh cpe:2.3:a:openbsd:openssh:9.9:-:::::: cpe:2.3:a:openbsd:openssh:9.9:p1:::::: cpe:2.3:a:openbsd:openssh:9.8:-:::::: cpe:2.3:a:openbsd:openssh:9.8:p1:::::: cpe:2.3:a:openbsd:openssh:9.7:-:::::: cpe:2.3:a:openbsd:openssh:9.7:p1:::::: cpe:2.3:a:openbsd:openssh:9.6:-:::::: cpe:2.3:a:openbsd:openssh:9.6:p1:::::: cpe:2.3:a:openbsd:openssh:9.5:p1::::::	9
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:24.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:24.04::::lts:::	2
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:13.0:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::*	3

Sources (Detail)

https://access.redhat.com/security/cve/CVE-2025-26466
https://bugzilla.redhat.com/show_bug.cgi?id=2345043
https://bugzilla.suse.com/show_bug.cgi?id=1237041
https://security-tracker.debian.org/tracker/CVE-2025-26466
https://security.netapp.com/advisory/ntap-20250228-0002/
https://ubuntu.com/security/CVE-2025-26466
https://www.openwall.com/lists/oss-security/2025/02/18/1
https://www.openwall.com/lists/oss-security/2025/02/18/4
https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2025-03-21 21:20:37	Multiple Updates
2025-03-07 03:10:49	Multiple Updates
2025-03-07 03:10:43	Multiple Updates
2025-03-06 21:20:38	Multiple Updates
2025-03-05 09:20:35	Multiple Updates
2025-03-05 00:20:33	Multiple Updates
2025-03-01 00:40:40	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	14
Sources(s)	9

N/A - CVE-2025-26466

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU