Pre-authentication Denial of Service attack in OpenSSH – CVE-2025-26466

CVSSv3 Score:

5.9

CVE-2025-26466A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

Revised on 2026-03-04 00:00:00

Source link

What's Hot

Erlang security advisory (AV26-320) – Canadian Centre for Cyber Security

ZDI-26-209: (Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability

Command Injection in Jenkins via Git Parameter (CVE-2025-53652) | Blog

Erlang security advisory (AV26-320) – Canadian Centre for Cyber Security

ZDI-26-209: (Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability

`Host` header injection

Global Takedown of Massive IoT Botnets Halts Record-Breaking Cyberattacks

Catchy & Intriguing

The Grandparent Scam: How AI Voice Technology Makes This Old Con Deadlier Than Ever

Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

Most Popular

Global Takedown of Massive IoT Botnets Halts Record-Breaking Cyberattacks

Catchy & Intriguing

The Grandparent Scam: How AI Voice Technology Makes This Old Con Deadlier Than Ever

Our Picks

Erlang security advisory (AV26-320) – Canadian Centre for Cyber Security

ZDI-26-209: (Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass Vulnerability

Command Injection in Jenkins via Git Parameter (CVE-2025-53652) | Blog

Subscribe to Updates

What's Hot

Pre-authentication Denial of Service attack in OpenSSH – CVE-2025-26466

Related Posts

Subscribe to Updates