csaf_suse - suse-su-2025:20160-1

suse-su-2025:20160-1

Vulnerability from csaf_suse

Published

2025-03-25 09:02

Modified

2025-03-25 09:02

Summary

Security update for openssh

Notes

Title of the patch

Security update for openssh

Description of the patch

This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041). Other bugfixes: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). - Add #include <stdlib.h> in some files added by the ldap patch to fix build with gcc14 (bsc#1225904). - Added missing struct initializer, added missing parameter (bsc#1222840). - Remove OPENSSL_HAVE_EVPGCM-ifdef, which is no longer supported by upstream (bsc#1221928). - Use %config(noreplace) for sshd_config. In any case, it's recommended to drop a file in sshd_config.d instead of editing sshd_config (bsc#1221063). - Add a patch to fix a regression introduced in 9.6 that makes X11 forwarding very slow (bsc#1229449). - Drop keycat binary that is not supported, except of the code that is used by other SELinux patches (bsc#1229072). - Fix RFC4256 implementation that keyboard-interactive authentication method can send instructions and sshd shows them to users (bsc#1229010). - Add attempts to mitigate instances of secrets lingering in memory after a session exits (bsc#1186673, bsc#1213004, bsc#1213008). - Remove empty line at the end of sshd-sle.pamd (bsc#1227456)

Patchnames

SUSE-SLE-Micro-6.0-259

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssh",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openssh fixes the following issues:\n\n- CVE-2025-26465: Fixed MitM attack against OpenSSH\u0027s VerifyHostKeyDNS-enabled client (bsc#1237040).\n- CVE-2025-26466: Fixed DoS attack against OpenSSH\u0027s client and server (bsc#1237041).\n\nOther bugfixes:\n\n- Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). \n- Add #include \u003cstdlib.h\u003e in some files added by the ldap patch to fix build with gcc14 (bsc#1225904).\n- Added missing struct initializer, added missing parameter (bsc#1222840).\n- Remove OPENSSL_HAVE_EVPGCM-ifdef, which is no longer supported by upstream (bsc#1221928). \n- Use %config(noreplace) for sshd_config. In any case, it\u0027s recommended to drop a file in sshd_config.d instead of editing sshd_config (bsc#1221063).\n- Add a patch to fix a regression introduced in 9.6 that makes X11 forwarding very slow (bsc#1229449).\n- Drop keycat binary that is not supported, except of the code that is used by other SELinux patches (bsc#1229072).\n- Fix RFC4256 implementation that keyboard-interactive authentication method can send instructions and sshd shows them to users (bsc#1229010).\n- Add attempts to mitigate instances of secrets lingering in memory after a session exits (bsc#1186673, bsc#1213004, bsc#1213008).\n- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Micro-6.0-259",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20160-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:20160-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520160-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:20160-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021179.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1186673",
        "url": "https://bugzilla.suse.com/1186673"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1213004",
        "url": "https://bugzilla.suse.com/1213004"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1213008",
        "url": "https://bugzilla.suse.com/1213008"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1221063",
        "url": "https://bugzilla.suse.com/1221063"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1221928",
        "url": "https://bugzilla.suse.com/1221928"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1222840",
        "url": "https://bugzilla.suse.com/1222840"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1225904",
        "url": "https://bugzilla.suse.com/1225904"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227456",
        "url": "https://bugzilla.suse.com/1227456"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1229010",
        "url": "https://bugzilla.suse.com/1229010"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1229072",
        "url": "https://bugzilla.suse.com/1229072"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1229449",
        "url": "https://bugzilla.suse.com/1229449"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236826",
        "url": "https://bugzilla.suse.com/1236826"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1237040",
        "url": "https://bugzilla.suse.com/1237040"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1237041",
        "url": "https://bugzilla.suse.com/1237041"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-26465 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-26465/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-26466 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-26466/"
      }
    ],
    "title": "Security update for openssh",
    "tracking": {
      "current_release_date": "2025-03-25T09:02:20Z",
      "generator": {
        "date": "2025-03-25T09:02:20Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:20160-1",
      "initial_release_date": "2025-03-25T09:02:20Z",
      "revision_history": [
        {
          "date": "2025-03-25T09:02:20Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-9.6p1-3.1.aarch64",
                "product": {
                  "name": "openssh-9.6p1-3.1.aarch64",
                  "product_id": "openssh-9.6p1-3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-clients-9.6p1-3.1.aarch64",
                "product": {
                  "name": "openssh-clients-9.6p1-3.1.aarch64",
                  "product_id": "openssh-clients-9.6p1-3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-common-9.6p1-3.1.aarch64",
                "product": {
                  "name": "openssh-common-9.6p1-3.1.aarch64",
                  "product_id": "openssh-common-9.6p1-3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-fips-9.6p1-3.1.aarch64",
                "product": {
                  "name": "openssh-fips-9.6p1-3.1.aarch64",
                  "product_id": "openssh-fips-9.6p1-3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-server-9.6p1-3.1.aarch64",
                "product": {
                  "name": "openssh-server-9.6p1-3.1.aarch64",
                  "product_id": "openssh-server-9.6p1-3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-server-config-rootlogin-9.6p1-3.1.aarch64",
                "product": {
                  "name": "openssh-server-config-rootlogin-9.6p1-3.1.aarch64",
                  "product_id": "openssh-server-config-rootlogin-9.6p1-3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-9.6p1-3.1.s390x",
                "product": {
                  "name": "openssh-9.6p1-3.1.s390x",
                  "product_id": "openssh-9.6p1-3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-clients-9.6p1-3.1.s390x",
                "product": {
                  "name": "openssh-clients-9.6p1-3.1.s390x",
                  "product_id": "openssh-clients-9.6p1-3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-common-9.6p1-3.1.s390x",
                "product": {
                  "name": "openssh-common-9.6p1-3.1.s390x",
                  "product_id": "openssh-common-9.6p1-3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-fips-9.6p1-3.1.s390x",
                "product": {
                  "name": "openssh-fips-9.6p1-3.1.s390x",
                  "product_id": "openssh-fips-9.6p1-3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-server-9.6p1-3.1.s390x",
                "product": {
                  "name": "openssh-server-9.6p1-3.1.s390x",
                  "product_id": "openssh-server-9.6p1-3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-server-config-rootlogin-9.6p1-3.1.s390x",
                "product": {
                  "name": "openssh-server-config-rootlogin-9.6p1-3.1.s390x",
                  "product_id": "openssh-server-config-rootlogin-9.6p1-3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssh-9.6p1-3.1.x86_64",
                "product": {
                  "name": "openssh-9.6p1-3.1.x86_64",
                  "product_id": "openssh-9.6p1-3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-clients-9.6p1-3.1.x86_64",
                "product": {
                  "name": "openssh-clients-9.6p1-3.1.x86_64",
                  "product_id": "openssh-clients-9.6p1-3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-common-9.6p1-3.1.x86_64",
                "product": {
                  "name": "openssh-common-9.6p1-3.1.x86_64",
                  "product_id": "openssh-common-9.6p1-3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-fips-9.6p1-3.1.x86_64",
                "product": {
                  "name": "openssh-fips-9.6p1-3.1.x86_64",
                  "product_id": "openssh-fips-9.6p1-3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-server-9.6p1-3.1.x86_64",
                "product": {
                  "name": "openssh-server-9.6p1-3.1.x86_64",
                  "product_id": "openssh-server-9.6p1-3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openssh-server-config-rootlogin-9.6p1-3.1.x86_64",
                "product": {
                  "name": "openssh-server-config-rootlogin-9.6p1-3.1.x86_64",
                  "product_id": "openssh-server-config-rootlogin-9.6p1-3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.0",
                "product": {
                  "name": "SUSE Linux Micro 6.0",
                  "product_id": "SUSE Linux Micro 6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-9.6p1-3.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.aarch64"
        },
        "product_reference": "openssh-9.6p1-3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-9.6p1-3.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.s390x"
        },
        "product_reference": "openssh-9.6p1-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-9.6p1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.x86_64"
        },
        "product_reference": "openssh-9.6p1-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-clients-9.6p1-3.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.aarch64"
        },
        "product_reference": "openssh-clients-9.6p1-3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-clients-9.6p1-3.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.s390x"
        },
        "product_reference": "openssh-clients-9.6p1-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-clients-9.6p1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.x86_64"
        },
        "product_reference": "openssh-clients-9.6p1-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-common-9.6p1-3.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.aarch64"
        },
        "product_reference": "openssh-common-9.6p1-3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-common-9.6p1-3.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.s390x"
        },
        "product_reference": "openssh-common-9.6p1-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-common-9.6p1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.x86_64"
        },
        "product_reference": "openssh-common-9.6p1-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-fips-9.6p1-3.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.aarch64"
        },
        "product_reference": "openssh-fips-9.6p1-3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-fips-9.6p1-3.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.s390x"
        },
        "product_reference": "openssh-fips-9.6p1-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-fips-9.6p1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.x86_64"
        },
        "product_reference": "openssh-fips-9.6p1-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-server-9.6p1-3.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.aarch64"
        },
        "product_reference": "openssh-server-9.6p1-3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-server-9.6p1-3.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.s390x"
        },
        "product_reference": "openssh-server-9.6p1-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-server-9.6p1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.x86_64"
        },
        "product_reference": "openssh-server-9.6p1-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-server-config-rootlogin-9.6p1-3.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.aarch64"
        },
        "product_reference": "openssh-server-config-rootlogin-9.6p1-3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-server-config-rootlogin-9.6p1-3.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.s390x"
        },
        "product_reference": "openssh-server-config-rootlogin-9.6p1-3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssh-server-config-rootlogin-9.6p1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.x86_64"
        },
        "product_reference": "openssh-server-config-rootlogin-9.6p1-3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-26465",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-26465"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.x86_64",
          "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.x86_64",
          "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.x86_64",
          "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.x86_64",
          "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.x86_64",
          "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-26465",
          "url": "https://www.suse.com/security/cve/CVE-2025-26465"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237040 for CVE-2025-26465",
          "url": "https://bugzilla.suse.com/1237040"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237041 for CVE-2025-26465",
          "url": "https://bugzilla.suse.com/1237041"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-25T09:02:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-26465"
    },
    {
      "cve": "CVE-2025-26466",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-26466"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.x86_64",
          "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.x86_64",
          "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.x86_64",
          "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.x86_64",
          "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.x86_64",
          "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.aarch64",
          "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.s390x",
          "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-26466",
          "url": "https://www.suse.com/security/cve/CVE-2025-26466"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237041 for CVE-2025-26466",
          "url": "https://bugzilla.suse.com/1237041"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-clients-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-common-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-fips-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-server-9.6p1-3.1.x86_64",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.aarch64",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.s390x",
            "SUSE Linux Micro 6.0:openssh-server-config-rootlogin-9.6p1-3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-03-25T09:02:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-26466"
    }
  ]
}

CVE-2025-26465 (GCVE-0-2025-26465)

Vulnerability from cvelistv5

Published

2025-02-18 18:27

Modified

2025-08-14 13:06

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-390 - Detection of Error Condition Without Action

Summary

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:3837	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:6993	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:8385	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-26465	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2344780	issue-tracking, x_refsource_REDHAT
	https://seclists.org/oss-sec/2025/q1/144

Impacted products

Vendor

Product

Version

►

Version: 6.8p1 <

Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:8.7p1-45.el9 < * cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:8.7p1-45.el9 < * cpe:/o:redhat:enterprise_linux:9::baseos cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:8.7p1-38.el9_4.5 < * cpe:/o:redhat:rhel_eus:9.4::baseos cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Discovery 1.14	Unaffected: sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63 < * cpe:/a:redhat:discovery:1.14::el9
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-03T17:48:15.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html"
          },
          {
            "url": "https://www.openwall.com/lists/oss-security/2025/02/18/1"
          },
          {
            "url": "https://www.openwall.com/lists/oss-security/2025/02/18/4"
          },
          {
            "url": "https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/"
          },
          {
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1237040"
          },
          {
            "url": "https://security-tracker.debian.org/tracker/CVE-2025-26465"
          },
          {
            "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig"
          },
          {
            "url": "https://ubuntu.com/security/CVE-2025-26465"
          },
          {
            "url": "https://www.openssh.com/releasenotes.html#9.9p2"
          },
          {
            "url": "https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466"
          },
          {
            "url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250228-0003/"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26465",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T15:02:09.369445Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T15:02:45.555Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://seclists.org/oss-sec/2025/q1/144"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.openssh.com/",
          "defaultStatus": "unaffected",
          "packageName": "OpenSSH",
          "repo": "https://anongit.mindrot.org/openssh.git",
          "versions": [
            {
              "lessThanOrEqual": "9.9p1",
              "status": "affected",
              "version": "6.8p1",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.7p1-45.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9::baseos",
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.7p1-45.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:9.4::baseos",
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.7p1-38.el9_4.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:1.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "registry.redhat.io/discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 1.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client\u0027s memory resource first, turning the attack complexity high."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-14T13:06:48.611Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:3837",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:3837"
        },
        {
          "name": "RHSA-2025:6993",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:6993"
        },
        {
          "name": "RHSA-2025:8385",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8385"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-26465"
        },
        {
          "name": "RHBZ#2344780",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344780"
        },
        {
          "url": "https://seclists.org/oss-sec/2025/q1/144"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-10T21:56:03.853000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-17T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-26465",
    "datePublished": "2025-02-18T18:27:16.843Z",
    "dateReserved": "2025-02-10T18:31:47.978Z",
    "dateUpdated": "2025-08-14T13:06:48.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-26466 (GCVE-0-2025-26466)

Vulnerability from cvelistv5

Published

2025-02-28 21:25

Modified

2025-07-25 07:44

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

References

►

URL

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2025:20160-1

Vulnerability from csaf_suse

CVE-2025-26465 (GCVE-0-2025-26465)

Vulnerability from cvelistv5

CVE-2025-26466 (GCVE-0-2025-26466)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature