AI description
CVE-2025-26466 is a pre-authentication denial-of-service (DoS) vulnerability affecting both OpenSSH clients and servers. It involves asymmetric resource consumption, meaning an attacker can use minimal resources to cause significant memory and CPU usage on the target system. This was introduced around August 2023, before the release of OpenSSH 9.5p1. The vulnerability stems from how OpenSSH manages SSH handshake messages, specifically the SSH2_MSG_PING and SSH2_MSG_PONG exchange. An attacker floods the server with SSH2_MSG_PING packets. The server allocates memory for SSH2_MSG_PONG responses but doesn't immediately process or free this memory during key exchange. This accumulation of unfreed memory can lead to resource exhaustion and a denial-of-service condition. OpenSSH 9.9p2 addresses this vulnerability. Existing OpenSSH server mechanisms like LoginGraceTime, MaxStartups, and PerSourcePenalties can mitigate this attack.
- Description
- A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 3.1
- Type
- Secondary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- Hype score
- Not currently trending
Millions of servers are potentially at risk from these two OpenSHH vulnerabilities. Barracuda recommends a number of actions to mitigate the effects of CVE-2025-26465 and CVE-2025-26466: https://t.co/eBtEHRNyWL #cybersecurity https://t.co/xtqmbsNhh7
@barracuda
19 Mar 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Are your OpenSSH setups safe? Two critical vulnerabilities, CVE-2025-26465 & CVE-2025-26466, can lead to data breaches & downtime. Learn how these flaws impact you & secure your systems before it's too late. Read the advisory! https://t.co/VMseugymZF
@sequretek_sqtk
7 Mar 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-26466 - Vulnerabilidad de Denegación de Servicio en OpenSSH 🚨 Se ha identificado una vulnerabilidad en OpenSSH que afecta tanto al cliente como al servidor, permitiendo a un atacante remoto no autenticado provocar una denegación de servicio (DoS). https://t.co/p2CIN
@BanCERT_gt
5 Mar 2025
65 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-26466 🟠 MEDIUM (5.9) 🏢 Unknown Vendor - Unknown Product 🏗️ 9.5p1 🔗 https://t.co/diBHdV2Xkm 🔗 https://t.co/zH1Fim8Kno 🔗 https://t.co/lj1bnShU5R #CyberCron #VulnAlert #InfoSec @RedHat https://t.co/9f7tcD6eBM
@cybercronai
2 Mar 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Qualys announced two critical OpenSSH vulnerabilities: CVE-2025-26465 & CVE-2025-26466. AlmaLinux 8 and 9 are impacted by CVE-2025-26465. We’ve pulled in upstream patches and need your help testing! 👇 https://t.co/GFfxlC0iiJ
@AlmaLinux
1 Mar 2025
1932 Impressions
12 Retweets
45 Likes
6 Bookmarks
1 Reply
0 Quotes
🚨 New OpenSSH Vulnerabilities Expose Critical Security Risks: #CVE-2025-26465 and #CVE-2025-26466 https://t.co/Cmu44a8Q4C
@UndercodeNews
28 Feb 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
۲ آسیب پذیری برای openssh منتشر شده است. آسیب پذیری اول دارای کد شناسایی CVE-2025-26465 از نوع MITM بوده و مربوط به OpenSSH 6.8p1 می باشد ، آسیب پذیری دوم دارای کد شناسایی CVE-2025-26466 و از نوع DOS و مربوط به OpenSSH 9.5p1 می باشد. https://t.co/Poz3aKY03t https://t.co/q2ysgcxZ
@AmirHossein_sec
26 Feb 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#OpenSSH #vulnerabilities (CVE-2025-26465 & CVE-2025-26466) could leave your servers exposed! Secure your systems now by reviewing this #CybersecurityThreatAdvisory🔒 https://t.co/jZ91tPyIly
@SmarterMSP
25 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
“OpenSSH”də boşluqlar (CVE-2025-26465, CVE-2025-26466) aşkar olunub #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/nlaQSjDZR6
@CERTAzerbaijan
25 Feb 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#FreeBSD SA-25:05.openssh OpenSSHのCVE-2025-26465(VerifyHostKeysDNS)とCVE-2025-26466(SSH2_MSG_PING)のバグを上流に倣ってfix 前者は無効にすれば回避できるが後者はLoginGraceTimeとMaxStartupsの設定で緩和だけ。早めに当てよう。 https://t.co/uqHBmBtkVb
@motok2501
25 Feb 2025
90 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: OpenSSH MITM and DoS Vulnerabilities 📅 Timeline: Disclosure: 2025-02-18, Patch: 2025-02-18 📌 Attribution: Qualys Threat Research Unit 🆔cveId: CVE-2025-26465, CVE-2025-26466 📊baseScore: 6.8, 5.9 📏cvssMetrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H,… ht
@syedaquib77
24 Feb 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
۲ آسیب پذیری برای openssh منتشر شده است. آسیب پذیری اول دارای کد شناسایی CVE-2025-26465 از نوع MITM بوده و مربوط به OpenSSH 6.8p1 می باشد ، آسیب پذیری دوم دارای کد شناسایی CVE-2025-26466 و از نوع DOS و مربوط به OpenSSH 9.5p1 می باشد.
@cybernetic_cy
22 Feb 2025
102 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
۲ آسیب پذیری برای openssh منتشر شده است. آسیب پذیری اول دارای کد شناسایی CVE-2025-26465 از نوع MITM بوده و مربوط به OpenSSH 6.8p1 می باشد ، آسیب پذیری دوم دارای کد شناسایی CVE-2025-26466 و از نوع DOS و مربوط به OpenSSH 9.5p1 می باشد. https://t.co/Poz3aKY03t https://t.co/ru3xAlU2
@AmirHossein_sec
21 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OpenSSHのバグにより中間者攻撃やDoS攻撃が可能に OpenSSH bugs allows Man-in-the-Middle and DoS Attacks #SecurityAffairs (Feb 19) #OpenSSH #CVE-2025-26465 #CVE-2025-26466 #中間者攻撃 #DoS攻撃 https://t.co/ABWRJnfXTK
@foxbook
21 Feb 2025
1036 Impressions
4 Retweets
23 Likes
9 Bookmarks
0 Replies
0 Quotes
𝗢𝗽𝗲𝗻𝗦𝗦𝗛 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗙𝗹𝗮𝘄𝘀 𝗘𝘅𝗽𝗼𝘀𝗲 𝗠𝗶𝗹𝗹𝗶𝗼𝗻𝘀 𝘁𝗼 𝗖𝘆𝗯𝗲𝗿 𝗔𝘁𝘁𝗮𝗰𝗸𝘀: 𝗨𝗽𝗱𝗮𝘁𝗲 𝗡𝗼𝘄 Two major OpenSSH flaws—CVE-2025-26465 & CVE-2025-26466—expose systems to attacks! Update OpenSSH to 9.9p2 now! OpenSSH users, beware! Researchers ha
@analyticsinme
20 Feb 2025
66 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26465 and CVE-2025-26466 allow attackers to execute #MitM and #DoS attacks. These flaws impact OpenSSH clients and servers, making it possible for adversaries to intercept SSH connections or cause service disruptions. https://t.co/F9Z8CnpGyr https://t.co/lnTXDVDkXB
@provintell
20 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New OpenSSH vulnerabilities found! 🔸 CVE-2025-26465: MitM attacks if VerifyHostKeyDNS is enabled 🔸 CVE-2025-26466: DoS attacks disrupting servers Public exploit code is out — update to OpenSSH 9.9p2! 💻 #Deepweb #Darkweb Breaking news from the world… https://t.co/ZF7G3lwjoe
@godeepweb
20 Feb 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New OpenSSH Flaws Expose Servers to MiTM & DoS Attacks! OpenSSH 9.9p2 patches: 🔹 CVE-2025-26465 – A MitM flaw exploiting 'VerifyHostKeyDNS' to hijack SSH sessions. 🔹 CVE-2025-26466 – A DoS flaw flooding systems with small ping messages. 📢 Update now! Disable… https://t.
@dCypherIO
20 Feb 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two new OpenSSH vulnerabilities (CVE-2025-26465 & CVE-2025-26466) pose risks of MitM and DoS attacks. Patches are available in version 9.9p2. Update is crucial for security! 🔒 #OpenSSH #EnterpriseSecurity #USA link: https://t.co/IVrT2JwjpS https://t.co/Gwhxib6Jvl
@TweetThreatNews
19 Feb 2025
18 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Looks like OpenSSH has a couple of unexpected guests crashing the party! New vulnerabilities (CVE-2025-26465 & CVE-2025-26466) are here, enabling some sneaky Man-in-the-Middle and pesky DoS attacks. Read more: https://t.co/I3sxFYnn4l https://t.co/7REWshkf76
@Stealthiss_
19 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: OpenSSH Vulnerabilities Allowing MitM and DoS Attacks 📅 Timeline: Disclosure: 2025-02-18, Patch: 2025-02-18 📌 Attribution: Qualys TRU 🆔cveId: CVE-2025-26465, CVE-2025-26466 🛠️exploitMaturity: Not Available 📂affectedVersions: 6.8p1 - 9.9p1… https://
@syedaquib77
19 Feb 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: OpenSSH Vulnerabilities Allowing MitM and DoS Attacks 📅 Timeline: Disclosure: 2025-02-18, Patch: 2025-02-18 📌 Attribution: Qualys TRU 🆔cveId: CVE-2025-26465, CVE-2025-26466 cvssSeverity: [Critical 🔴, High 🟠, Medium 🟡, Low 🟢] 🛠️exploitMaturity:…
@syedaquib77
19 Feb 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Załataliście już swoje OpenSSH? Wyszły dwie podatności w OpenSSH: CVE-2025-26465 i CVE-2025-26466 - warto rzucić okiem, czy Wasza Ulubiona Dystrybucja to załatała, a w szczególności czy Wasz dostawca systemów wbudowanych przypadkiem nie używa dalej OpenSSH w dziurawej wersji.
@komputerow
19 Feb 2025
881 Impressions
1 Retweet
13 Likes
0 Bookmarks
5 Replies
1 Quote
🚨 New OpenSSH Vulnerabilities Discovered! 🚨 CVE-2025-26465 enables man-in-the-middle attacks, while CVE-2025-26466 allows denial-of-service exploits. Check if you're vulnerable & secure your system NOW! 🔒 🔗 Read more: https://t.co/wKncCb8IxM #CyberSecurity #OpenSSH #CV
@BaseFortify
19 Feb 2025
52 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Wykryto nowe luki w OpenSSH (CVE-2025-26465, CVE-2025-26466), które mogą prowadzić do ataków MITM i DoS. Administratorzy powinni jak najszybciej zaktualizować systemy i sprawdzić konfigurację. #cybersecurity #OpenSSH https://t.co/1KIpArYzkN https://t.co/1KIpArYzkN
@arkady86
19 Feb 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OpenSSH CVE fixes are now available in the new Flatcar Alpha, Beta, Stable, LTS-2024 releases! 🔒 CVE fixes & security patches: OpenSSH (CVE-2025-26465, CVE-2025-26466) 📜 Release notes at the usual spot: https://t.co/rZjTiO6fY2 https://t.co/XjoPhLRVx4
@flatcar
19 Feb 2025
146 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Duas falhas críticas no OpenSSH foram descobertas: CVE-2025-26465 permite ataques de man-in-the-middle e CVE-2025-26466 pode causar negação de serviço. Atualize para a versão 9.9p2 e revise suas configurações! Seu sistema pode estar em risco!
@IncursioHack
19 Feb 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Nuevas vulnerabilidades de OpenSSH exponen servidores SSH a ataques MiTM y DoS ➡️ Machine-in-the-middle (MitM) y a Denial of Service ⚠️ CVE-2025-26465 ⚠️ CVE-2025-26466 https://t.co/iUgpYhfKHB… https://t.co/UhRNxBAFwt
@doncaptador
19 Feb 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OpenSSHの重大な脆弱性がDoS 攻撃や中間者攻撃に悪用される可能性(CVE-2025-26465,CVE-2025-26466) #セキュリティ #セキュリティ対策Lab https://t.co/BntcAwPjHK
@securityLab_jp
19 Feb 2025
23 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
OpenSSH has two new vulnerabilities (CVE-2025-26465, MITM; CVE-2025-26466, DoS). CVE-2025-26465 affects versions 6.8p1-9.9p1, CVE-2025-26466 affects 9.5p1-9.9p1. Upgrade to 9.9p2 immediately to patch. https://t.co/dCqCLYudoD
@Jfreeg_
19 Feb 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: OpenSSH Man-in-the-Middle and DoS Attacks 📅 Timeline: Disclosure: 2025-02-18, Patch: 2025-02-18 🆔cveId: CVE-2025-26465, CVE-2025-26466 cvssSeverity: Critical 🔴 🛠️exploitMaturity: Active exploitation reported 📂affectedVersions: 6.8p1 to 9.9p1… http
@syedaquib77
19 Feb 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨 CVE-2025-26465 & CVE-2025-26466: OpenSSH Client & Server Vulnerabilities Enables MiTM & DoS Attacks 🧐Deep Dive from @qualys:https://t.co/ITteNz2l4g 📊 67.1M+Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/P2bN5nlz5b 👇Q
@HunterMapping
19 Feb 2025
1238 Impressions
6 Retweets
14 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-26465 & CVE-2025-26466: OpenSSH Client & Server Vulnerabilities Enables MiTM & DoS Attacks 🧐Deep Dive from@qualys:https://t.co/ITteNz2STO 📊 67.1M+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/P2bN5nm6UJ 👇Qu
@HunterMapping
19 Feb 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two OpenSSH vulnerabilities allow MitM and DoS attacks. CVE-2025-26465 lets attackers impersonate servers when VerifyHostKeyDNS is enabled, and CVE-2025-26466 causes a pre-auth DoS. Both are fixed in OpenSSH 9.9p2—patch immediately.#OpenSSH #CVE https://t.co/LIcVW30NA4
@ZaihuaNewsEN
19 Feb 2025
31 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
OpenSSHの新たな脆弱性(CVE-2025-26465、CVE-2025-26466)が発見され、MitM攻撃とDoS攻撃が可能に。影響を受けるバージョンは2014年以降のものが含まれ、最新版9.9p2で修正済み。PoCコードも公開され、早急なアップデートが推奨される。 https://t.co/58WRL2IpNO
@01ra66it
18 Feb 2025
1394 Impressions
9 Retweets
24 Likes
9 Bookmarks
0 Replies
1 Quote
OpenSSHに2つの脆弱性(CVE-2025-26465、CVE-2025-26466)が発見され、MitM攻撃やDoS攻撃が可能に。特に、VerifyHostKeyDNSを有効にするとサーバーのなりすましが可能になる。OpenSSH 9.9p2で修正済み。 https://t.co/V3yvbHAU5k
@01ra66it
18 Feb 2025
562 Impressions
3 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨Nuevas vulnerabilidades de OpenSSH exponen servidores SSH a ataques MiTM y DoS ➡️ Machine-in-the-middle (MitM) y a Denial of Service ⚠️ CVE-2025-26465 ⚠️ CVE-2025-26466 https://t.co/b1Pfxjbch9 https://t.co/7fe19Egy3i
@elhackernet
18 Feb 2025
6574 Impressions
75 Retweets
134 Likes
38 Bookmarks
1 Reply
0 Quotes
OpenSSH 9.9p2 fixes two critical flaws: a MitM vulnerability (CVE-2025-26465) in VerifyHostKeyDNS (enabled by default in FreeBSD until 2023) and a DoS flaw (CVE-2025-26466) from excessive memory use. Update immediately. https://t.co/hn3uHKqU7b
@cyberbulletins
18 Feb 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Dos vulnerabilidades críticas en OpenSSH identificadas como CVE-2025-26465 y CVE-2025-26466, permiten ataques de máquina en el medio (MitM) contra clientes y exploits de denegación de servicio (DoS) previa a la autenticación dirigidos tanto a clientes como a servidores. 🧉 ht
@MarquisioX
18 Feb 2025
67 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Qualysが、OpenSSHに影響を及ぼす2つの重大な脆弱性を発見しました。これらの脆弱性は、中間者攻撃を仕掛けたりDoS攻撃を引き起こしたりする可能性があります。 ・CVE-2025-26465(中間者攻撃の脆弱性) ・CVE-2025-26466(DoS攻撃の脆弱性) OpenSSH 9.9p2で修正済みです。
@t_nihonmatsu
18 Feb 2025
616 Impressions
2 Retweets
12 Likes
1 Bookmark
1 Reply
0 Quotes
🔴 Two new vulnerabilities found in OpenSSH – one allowing active Man-in-the-Middle (MitM) attacks and the other leading to Denial-of-Service (DoS). Get the details on CVE-2025-26465 and CVE-2025-26466: https://t.co/uv7L8xhYLL
@TheHackersNews
18 Feb 2025
20695 Impressions
127 Retweets
256 Likes
59 Bookmarks
3 Replies
6 Quotes
🚨 Critical OpenSSH Vulnerabilities – Patch Prioritization KQL to identify all your internet facing OpenSSH servers vulnerable to CVE-2025-26466 and CVE-2025-26465. Get your engineers prioritize patching these servers to version 9.9p2 that is released today. Shields Up Scotty! h
@0x534c
18 Feb 2025
3168 Impressions
9 Retweets
50 Likes
33 Bookmarks
2 Replies
1 Quote
OpenSSH Flaws CVE-2025-26465 & CVE-2025-26466 Expose Clients and Servers to Attacks https://t.co/eSiPlVBatG
@Dinosn
18 Feb 2025
12433 Impressions
86 Retweets
206 Likes
63 Bookmarks
6 Replies
2 Quotes
OpenSSH 9.8 から PerSourcePenalties ってのがあるのか… CVE-2025-26466 の緩和に使えるらしいが… https://t.co/6asjZOJPs8
@ipv6labs
18 Feb 2025
92 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Two vulnerabilities fixed in #OpenSSH : CVE-2025-26465 and CVE-2025-26466 https://t.co/LppMvoA5YS
@nintechnet
18 Feb 2025
83 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
📡 OpenSSH’de Kritik Güvenlik Açıkları: CVE-2025-26465 ve CVE-2025-26466 🔴 CVE-2025-26465 → MITM saldırılarına izin veriyor! 🔴 CVE-2025-26466 → SSH sunucularını çökerten DoS saldırıları mümkün! 📌 Etkilenen Sürümler: •6.8p1 - 9.9p1 (MITM - CVE-2025-26465) •9.5p1 - 9.9p1… http
@tweetozof
18 Feb 2025
115 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Qualys TRU Discovers Two #Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 #cybersecurity The Qualys Threat #Research Unit (TRU) has identified two #vulnerabilities in OpenSSH.... https://t.co/QStg7u0yGF
@CyberMeowly
18 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#OpenSSH Flaws CVE-2025-26465 & CVE-2025-26466 Expose Clients and Servers to Attacks Understand the implications of CVE-2025-26465 & CVE-2025-26466 on OpenSSH. Learn about the risks of machine-in-the-middle and DoS attacks https://t.co/zKAo1uEFDh
@the_yellow_fall
18 Feb 2025
76 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.5:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B95D97F9-56D8-4A03-8D97-C9C3BC103AEA"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.6:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AFDD23D-3B76-4942-B222-843918EE7996"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.6:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA15AB35-EE6C-4435-9CD3-02E77A581CCD"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35061B84-4628-469C-BEC2-06207F066F30"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.7:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0DA97F7-489E-416E-9A01-DE7E4ABB8E47"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.8:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF2C0441-653D-4BD3-A45D-D97C929A596F"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.8:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63A10946-C4A4-4F77-828D-568579A2599C"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2B53BBB-6916-478C-A896-77C7F7E7D5DE"
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:9.9:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7A2B794-BA83-4A01-BD2E-541F18CB9E37"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF90B5A4-6E55-4369-B9D4-E7A061E797D2"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:24.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE07EF30-B50E-4054-9918-50EFA416073B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "204FC6CC-9DAC-45FB-8A9F-C9C8EDD29D54"
}
],
"operator": "OR"
}
]
}
]