| CVE-2025-32728 |
BDSA-2025-3088 |
Low |
Apr 10, 2025 |
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
|
9.8, 9.7, 9.5, 9.2, 8.9, 8.8, 7.7
|
| CVE-2025-26466 |
BDSA-2025-1325 |
Medium |
Feb 28, 2025 |
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packets, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service.
|
9.8, 9.7
|
| CVE-2025-26465 |
BDSA-2025-1289 |
Medium |
Feb 18, 2025 |
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legitimate server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker first needs to exhaust the client's memory resources, which makes the attack complexity high.
|
9.8, 9.7, 9.5, 9.2, 8.9, 8.8, 7.7, 0.10.3, 0.9.3, 7.2
|
| CVE-2024-6387 |
|
High |
Jul 01, 2024 |
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
|
9.8, 9.7, 9.5, 9.2, 8.9, 8.8, 4.4, 4.1, 3.9, 3.5
|
| BDSA-2025-13330 |
|
Medium |
Oct 07, 2025 |
OpenSSH's client application is vulnerable to remote code execution (RCE) due to a lack of validation of usernames in the `ssh.c` file. A remote attacker could exploit this vulnerability by supplying a username which contains control characters in order to inject malicious shell expressions into certain configured proxy commands.
**Note**: This requires a user to have `ProxyCommand` configured with a `%r` argument to be exploitable. One notable attack vector is through a git repository's use of submodules. If the user has configured a `ProxyCommand` with a `%r` argument, git interactions with the malicious repository could result in command execution through the OpenSSH client.
|
|
| BDSA-2025-13328 |
|
Medium |
Oct 07, 2025 |
OpenSSH's client is vulnerable to remote code execution (RCE) due to potential OS command injection when used with the `ProxyCommand` configuration option. This issue is caused by a lack of validation to ensure that SSH URIs do not contain null characters. A remote attacker could exploit this issue by providing a crafted URL which would then be executed when a configured `ProxyCommand` is used.
|
|