CVE-2025-22869

High CVSS: 7.5

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Vendor

Product

Ssh

CWE

CWE-770

Yayın Tarihi

2025-02-26 08:14:24

Güncelleme

2025-05-01 19:28:20

Source Identifier

security@golang.org

KEV Date Added

Kategoriler

CWE-770 Ssh HIGH Go 2025

Referanslar

https://go.dev/cl/652135 https://go.dev/issue/71931 https://pkg.go.dev/vuln/GO-2025-3487 https://security.netapp.com/advisory/ntap-20250411-0010/

Benzer Kayıtlar

Medium

CVE-2025-58190

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can…

Medium

CVE-2025-47911

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which…

Medium

CVE-2025-68120

To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

High

CVE-2025-47913

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the cl…

High

CVE-2025-22868

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.