Main Vulnerability Database Vulnerabilities #VU105459

#VU105459 Resource exhaustion in crypto - CVE-2025-22869

Published: March 10, 2025

Vulnerability identifier: #VU105459

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-22869

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
crypto

Software vendor:
Google

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the ssh package when handling clients that complete the key exchange slowly, or not at all. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://go.dev/cl/652135
https://go.dev/issue/71931
https://pkg.go.dev/vuln/GO-2025-3487
https://pkg.go.dev/golang.org/x/crypto/ssh

#VU105459 Resource exhaustion in crypto - CVE-2025-22869

Description

Remediation

External links

Please verify you're human