CVE-2025-26465

Medium CVSS: 6.8

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Vendor

Openbsd

Product

Openssh

CWE

CWE-390

Yayın Tarihi

2025-02-18 19:15:29

Güncelleme

2025-11-03 22:18:41

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-390 Openssh MEDIUM Openbsd 2025

Referanslar

https://access.redhat.com/errata/RHSA-2025:16823 https://access.redhat.com/errata/RHSA-2025:3837 https://access.redhat.com/errata/RHSA-2025:6993 https://access.redhat.com/errata/RHSA-2025:8385 https://access.redhat.com/security/cve/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://seclists.org/oss-sec/2025/q1/144 http://seclists.org/fulldisclosure/2025/Feb/18 http://seclists.org/fulldisclosure/2025/May/7 http://seclists.org/fulldisclosure/2025/May/8 https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466 https://bugzilla.suse.com/show_bug.cgi?id=1237040 https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html https://security-tracker.debian.org/tracker/CVE-2025-26465 https://security.netapp.com/advisory/ntap-20250228-0003/ https://ubuntu.com/security/CVE-2025-26465 https://www.openssh.com/releasenotes.html#9.9p2 https://www.openwall.com/lists/oss-security/2025/02/18/1 https://www.openwall.com/lists/oss-security/2025/02/18/4 https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/ https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh https://seclists.org/oss-sec/2025/q1/144

Benzer Kayıtlar

Medium

CVE-2026-35414

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list i…

Medium

CVE-2025-32728

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it dis…

High

CVE-2025-30334

In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash…

Medium

CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a m…