OpenSSH: OpenSSH denial of service (CVE-2025-26466) #shorts

Summary

In today's podcast, we delve into the security flaw identified as CVE-2025-26466. This vulnerability affects the widely used OpenSSH package and could lead to a denial-of-service (DoS) attack. Discovered by Qualys TRU, CVE-2025-26466, along with CVE-2025-26465, highlights critical security risks in both client and server implementations, underscoring the necessity for proactive vulnerability management.

Product details

The products affected by this vulnerability primarily include the OpenSSH package, specifically versions from 9.5p1 up to and including 9.9p1. Additionally, Red Hat Enterprise Linux versions 6 through 9 and the Red Hat OpenShift Container Platform 4 are marked as vulnerable to this flaw. The vulnerability is notably concerning due to its impact on systems using these widely deployed platforms.
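As an added example (not part of the original page or of the OpenSSH project), the following Python sketch triages version strings against the range stated above. The host labels and banners are constructed samples. Distribution packages can carry backported fixes under an unchanged upstream version, so an in-range result is a prompt to check the vendor advisory rather than proof of exposure.

```python
import re

# Affected range as stated on this page: 9.5p1 up to and including 9.9p1.
AFFECTED_MIN = (9, 5, 1)
AFFECTED_MAX = (9, 9, 1)

# Matches both `ssh -V` output and the network identification string.
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, portable_level) or None; portable_level may be None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    major, minor, plevel = m.groups()
    return int(major), int(minor), (int(plevel) if plevel is not None else None)


def classify(banner):
    """Classify one banner as 'in-range', 'out-of-range' or 'unknown'."""
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"  # not OpenSSH, or the version is hidden
    major, minor, plevel = version
    if not (AFFECTED_MIN[:2] <= (major, minor) <= AFFECTED_MAX[:2]):
        return "out-of-range"
    if plevel is None:
        return "unknown"  # no pN suffix; the page lists only pN releases
    return "in-range" if AFFECTED_MIN <= version <= AFFECTED_MAX else "out-of-range"


def triage(banners):
    """Map each host label to its classification."""
    return {host: classify(banner) for host, banner in banners.items()}


# Constructed sample inventory (host labels and banners are made up).
SAMPLE_BANNERS = {
    "bastion": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5",
    "build": "OpenSSH_9.9p1, OpenSSL 3.3.2 3 Sep 2024",
    "legacy": "SSH-2.0-OpenSSH_8.7",
    "newer": "SSH-2.0-OpenSSH_9.9p2",
    "openbsd": "SSH-2.0-OpenSSH_9.7",
    "appliance": "SSH-2.0-dropbear_2022.83",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_BANNERS).items()):
        print(f"{host:10s} {verdict}")
```

Hosts reported as "unknown" need a manual check of the installed package, since the banner alone does not place them inside or outside the listed range.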

Vulnerability type summary

CVE-2025-26466 is classified as an uncontrolled resource consumption vulnerability. When exploited, it allows an attacker to consume system memory by continuously sending ping packets to the SSH server. This can prevent legitimate users from accessing the service, resulting in a denial of service.

Details of the vulnerability

The issue stems from how OpenSSH handles incoming ping packets. For each ping packet the server receives, it allocates a pong packet in a memory buffer and stores it in a queue. The queued packets are retained until the server and client complete a key exchange, so a malicious client that floods the server with ping packets causes memory to pile up. This continuous packet inflow can exhaust system memory, making the server unresponsive and resulting in a denial of service.

Conclusion

In conclusion, CVE-2025-26466 serves as a stark reminder of the potential security threats facing modern IT infrastructures. Organizations using vulnerable versions of OpenSSH, especially on Red Hat platforms, should take immediate action to mitigate this risk by applying necessary updates and patches. Staying informed and proactive in security measures is crucial to safeguarding systems against such emerging threats.

CVE database technical details

CVE ID: CVE-2025-26466

Description: A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

Provider: redhat

CWE / problem types: Allocation of Resources Without Limits or Throttling

Affected Software Versions:
- Vendor and product not specified: status affected, version 9.5p1, less than or equal to 9.9p1 (version type: custom)
- Red Hat, Red Hat Enterprise Linux 6: versions not specified
- Red Hat, Red Hat Enterprise Linux 7: versions not specified
- Red Hat, Red Hat Enterprise Linux 8: versions not specified
- Red Hat, Red Hat Enterprise Linux 9: versions not specified
- Red Hat, Red Hat OpenShift Container Platform 4: versions not specified

Date Published: 2025-02-28T21:25:28.861Z

Last Updated: 2025-04-10T23:10:06.357Z