Nixpkgs security tracker
NIXPKGS-2025-0001
published on
Permalink
CVE-2025-26466
5.9 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
by @mweinelt Activity log
- Created automatic suggestion
- @fricklerhandwerk accepted
- @mweinelt published on GitHub
Openssh: denial-of-service in openssh
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
References
Affected products
rhcos
OpenSSH
- =<9.9p1
openssh
Matching in nixpkgs
pkgs.openssh
Implementation of the SSH protocol
pkgs.opensshTest
Implementation of the SSH protocol
pkgs.openssh_hpn
Implementation of the SSH protocol with high performance networking patches
pkgs.openssh_gssapi
Implementation of the SSH protocol with GSSAPI support
Package maintainers
-
@Conni2461 Simon Hauser <simon-hauser@outlook.com>
-
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
-
@dasJ Janne Heß <janne@hess.ooo>
-
@aneeshusa Aneesh Agrawal <aneeshusa@gmail.com>
-
@wahjava Ashish SHUKLA <ashish.is@lostca.se>