Memory Consumption Vulnerability in OpenSSH by Red Hat
CVE-2025-26466
Key Information:
- Vendor
- CVE Published:
- 28 February 2025
Badges
What is CVE-2025-26466?
A flaw exists in the OpenSSH package which allows attackers to exploit the server's memory management. When the SSH server receives a ping packet, it allocates corresponding pong packets in a memory buffer, maintaining them in a queue until the key exchange process is complete. This can be manipulated by a malicious client to keep sending ping packets, resulting in excessive memory consumption on the server, potentially leading to service unavailability and a denial of service attack.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Security AffairsOpenSSH bugs allows Man-in-the-Middle and DoS Attacks
Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions.
OpenSSH flaws could enable man-in-the-middle attacks, denial of service
If the VerifyHostKeyDNS option is activated, an attacker could impersonate a server to hijack SSH sessions.
BankInfoSecurityProof-of-Concept Exploits Published for 2 New OpenSSH Bugs
Millions of servers are at risk from vulnerabilities in OpenSSH, a widely used, open source remote server management and file transfer tool. The flaws pose
References
EPSS Score
42% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by The Register
Vulnerability Reserved