cve-2025-22869
Vulnerability from cvelistv5
Published
2025-02-26 03:07
Modified
2025-02-26 14:57
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
0.09% (0.22957)
Summary
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
References
security@golang.orghttps://go.dev/cl/652135
security@golang.orghttps://go.dev/issue/71931
security@golang.orghttps://pkg.go.dev/vuln/GO-2025-3487
Impacted products
Vendor Product Version
golang.org/x/crypto golang.org/x/crypto/ssh Version: 0   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 7.5,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "NONE",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2025-22869",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-26T14:57:07.968721Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-770",
                        description: "CWE-770 Allocation of Resources Without Limits or Throttling",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-26T14:57:49.252Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://pkg.go.dev",
               defaultStatus: "unaffected",
               packageName: "golang.org/x/crypto/ssh",
               product: "golang.org/x/crypto/ssh",
               programRoutines: [
                  {
                     name: "newHandshakeTransport",
                  },
                  {
                     name: "handshakeTransport.recordWriteError",
                  },
                  {
                     name: "handshakeTransport.kexLoop",
                  },
                  {
                     name: "handshakeTransport.writePacket",
                  },
                  {
                     name: "Client.Dial",
                  },
                  {
                     name: "Client.DialContext",
                  },
                  {
                     name: "Client.DialTCP",
                  },
                  {
                     name: "Client.Listen",
                  },
                  {
                     name: "Client.ListenTCP",
                  },
                  {
                     name: "Client.ListenUnix",
                  },
                  {
                     name: "Client.NewSession",
                  },
                  {
                     name: "Dial",
                  },
                  {
                     name: "DiscardRequests",
                  },
                  {
                     name: "NewClient",
                  },
                  {
                     name: "NewClientConn",
                  },
                  {
                     name: "NewServerConn",
                  },
                  {
                     name: "Request.Reply",
                  },
                  {
                     name: "Session.Close",
                  },
                  {
                     name: "Session.CombinedOutput",
                  },
                  {
                     name: "Session.Output",
                  },
                  {
                     name: "Session.RequestPty",
                  },
                  {
                     name: "Session.RequestSubsystem",
                  },
                  {
                     name: "Session.Run",
                  },
                  {
                     name: "Session.SendRequest",
                  },
                  {
                     name: "Session.Setenv",
                  },
                  {
                     name: "Session.Shell",
                  },
                  {
                     name: "Session.Signal",
                  },
                  {
                     name: "Session.Start",
                  },
                  {
                     name: "Session.WindowChange",
                  },
                  {
                     name: "channel.Accept",
                  },
                  {
                     name: "channel.Close",
                  },
                  {
                     name: "channel.CloseWrite",
                  },
                  {
                     name: "channel.Read",
                  },
                  {
                     name: "channel.ReadExtended",
                  },
                  {
                     name: "channel.Reject",
                  },
                  {
                     name: "channel.SendRequest",
                  },
                  {
                     name: "channel.Write",
                  },
                  {
                     name: "channel.WriteExtended",
                  },
                  {
                     name: "connection.SendAuthBanner",
                  },
                  {
                     name: "curve25519sha256.Client",
                  },
                  {
                     name: "curve25519sha256.Server",
                  },
                  {
                     name: "dhGEXSHA.Client",
                  },
                  {
                     name: "dhGEXSHA.Server",
                  },
                  {
                     name: "dhGroup.Client",
                  },
                  {
                     name: "dhGroup.Server",
                  },
                  {
                     name: "ecdh.Client",
                  },
                  {
                     name: "ecdh.Server",
                  },
                  {
                     name: "extChannel.Read",
                  },
                  {
                     name: "extChannel.Write",
                  },
                  {
                     name: "mux.OpenChannel",
                  },
                  {
                     name: "mux.SendRequest",
                  },
                  {
                     name: "sessionStdin.Close",
                  },
                  {
                     name: "sshClientKeyboardInteractive.Challenge",
                  },
                  {
                     name: "tcpListener.Accept",
                  },
                  {
                     name: "tcpListener.Close",
                  },
                  {
                     name: "unixListener.Accept",
                  },
                  {
                     name: "unixListener.Close",
                  },
               ],
               vendor: "golang.org/x/crypto",
               versions: [
                  {
                     lessThan: "0.35.0",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Yuichi Watanabe",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "CWE-770: Allocation of Resources Without Limits or Throttling",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-26T03:07:48.855Z",
            orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc",
            shortName: "Go",
         },
         references: [
            {
               url: "https://go.dev/cl/652135",
            },
            {
               url: "https://go.dev/issue/71931",
            },
            {
               url: "https://pkg.go.dev/vuln/GO-2025-3487",
            },
         ],
         title: "Potential denial of service in golang.org/x/crypto",
      },
   },
   cveMetadata: {
      assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc",
      assignerShortName: "Go",
      cveId: "CVE-2025-22869",
      datePublished: "2025-02-26T03:07:48.855Z",
      dateReserved: "2025-01-08T19:11:42.834Z",
      dateUpdated: "2025-02-26T14:57:49.252Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2025-22869\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-02-26T08:14:24.997\",\"lastModified\":\"2025-02-26T15:15:25.160\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://go.dev/cl/652135\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/71931\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-3487\",\"source\":\"security@golang.org\"}]}}",
      vulnrichment: {
         containers: "{\"cna\": {\"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-02-26T03:07:48.855Z\"}, \"title\": \"Potential denial of service in golang.org/x/crypto\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.\"}], \"affected\": [{\"vendor\": \"golang.org/x/crypto\", \"product\": \"golang.org/x/crypto/ssh\", \"collectionURL\": \"https://pkg.go.dev\", \"packageName\": \"golang.org/x/crypto/ssh\", \"versions\": [{\"version\": \"0\", \"lessThan\": \"0.35.0\", \"status\": \"affected\", \"versionType\": \"semver\"}], \"programRoutines\": [{\"name\": \"newHandshakeTransport\"}, {\"name\": \"handshakeTransport.recordWriteError\"}, {\"name\": \"handshakeTransport.kexLoop\"}, {\"name\": \"handshakeTransport.writePacket\"}, {\"name\": \"Client.Dial\"}, {\"name\": \"Client.DialContext\"}, {\"name\": \"Client.DialTCP\"}, {\"name\": \"Client.Listen\"}, {\"name\": \"Client.ListenTCP\"}, {\"name\": \"Client.ListenUnix\"}, {\"name\": \"Client.NewSession\"}, {\"name\": \"Dial\"}, {\"name\": \"DiscardRequests\"}, {\"name\": \"NewClient\"}, {\"name\": \"NewClientConn\"}, {\"name\": \"NewServerConn\"}, {\"name\": \"Request.Reply\"}, {\"name\": \"Session.Close\"}, {\"name\": \"Session.CombinedOutput\"}, {\"name\": \"Session.Output\"}, {\"name\": \"Session.RequestPty\"}, {\"name\": \"Session.RequestSubsystem\"}, {\"name\": \"Session.Run\"}, {\"name\": \"Session.SendRequest\"}, {\"name\": \"Session.Setenv\"}, {\"name\": \"Session.Shell\"}, {\"name\": \"Session.Signal\"}, {\"name\": \"Session.Start\"}, {\"name\": \"Session.WindowChange\"}, {\"name\": \"channel.Accept\"}, {\"name\": \"channel.Close\"}, {\"name\": \"channel.CloseWrite\"}, {\"name\": \"channel.Read\"}, {\"name\": \"channel.ReadExtended\"}, {\"name\": \"channel.Reject\"}, {\"name\": \"channel.SendRequest\"}, {\"name\": \"channel.Write\"}, {\"name\": \"channel.WriteExtended\"}, {\"name\": \"connection.SendAuthBanner\"}, {\"name\": \"curve25519sha256.Client\"}, {\"name\": \"curve25519sha256.Server\"}, {\"name\": \"dhGEXSHA.Client\"}, {\"name\": \"dhGEXSHA.Server\"}, {\"name\": \"dhGroup.Client\"}, {\"name\": \"dhGroup.Server\"}, {\"name\": \"ecdh.Client\"}, {\"name\": \"ecdh.Server\"}, {\"name\": \"extChannel.Read\"}, {\"name\": \"extChannel.Write\"}, {\"name\": \"mux.OpenChannel\"}, {\"name\": \"mux.SendRequest\"}, {\"name\": \"sessionStdin.Close\"}, {\"name\": \"sshClientKeyboardInteractive.Challenge\"}, {\"name\": \"tcpListener.Accept\"}, {\"name\": \"tcpListener.Close\"}, {\"name\": \"unixListener.Accept\"}, {\"name\": \"unixListener.Close\"}], \"defaultStatus\": \"unaffected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/652135\"}, {\"url\": \"https://go.dev/issue/71931\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-3487\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"Yuichi Watanabe\"}]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22869\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T14:57:07.968721Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T14:57:39.044Z\"}}]}",
         cveMetadata: "{\"cveId\": \"CVE-2025-22869\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Go\", \"dateReserved\": \"2025-01-08T19:11:42.834Z\", \"datePublished\": \"2025-02-26T03:07:48.855Z\", \"dateUpdated\": \"2025-02-26T14:57:49.252Z\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.