Pre-authentication Denial of Service attack in OpenSSH
| Field | Value |
|---|---|
| Advisory ID | WGSA-2025-00009 |
| CVE | CVE-2025-26466 |
| Impact | Medium |
| Status | Resolved |
| Product Family | Dimension, Firebox, Secure Wi-Fi |
| Published Date | |
| Updated Date | |
| Workaround Available | False |
| CVSS Score | 5.9 |
| CVSS Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Summary
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets. The pong packet is only freed when the server/client key exchange has finished. A malicious client may keep sending such packets, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service.
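The queueing behaviour described above, as a simplified model added here for illustration; it is not OpenSSH or Fireware code. The struct and function names, `PONG_SIZE` and the `MAX_QUEUED` cap are assumptions, and the cap shows a generic bound on pre-key-exchange memory, not the upstream fix.

```c
#include <stdio.h>
#include <stdlib.h>
#define PONG_SIZE  64   /* constructed size of one queued reply */
#define MAX_QUEUED 128  /* hypothetical cap, not a value taken from OpenSSH */
struct pkt { struct pkt *next; unsigned char body[PONG_SIZE]; };
struct session {
    int kex_done;             /* 0 while key exchange is still running */
    struct pkt *head, *tail;  /* replies waiting for key exchange to end */
    size_t queued;            /* number of replies currently held */
    size_t limit;             /* 0 = no cap, the behaviour in the Summary */
};

/* One ping arrives. Returns 0 if handled, -1 if the peer should be dropped. */
int on_ping(struct session *s) {
    if (s->kex_done) return 0;                         /* reply sent, nothing kept */
    if (s->limit && s->queued >= s->limit) return -1;  /* hardened path */
    struct pkt *p = calloc(1, sizeof *p);
    if (!p) return -1;
    if (s->tail) s->tail->next = p; else s->head = p;
    s->tail = p;
    s->queued++;
    return 0;
}

/* Free every queued reply: key exchange finished or session torn down. */
void session_flush(struct session *s) {
    while (s->head) {
        struct pkt *n = s->head->next;
        free(s->head);
        s->head = n;
    }
    s->tail = NULL; s->queued = 0;
}

/* Feed n pings before key exchange ends; return the bytes held at that point. */
size_t bytes_held_after(size_t n, size_t limit) {
    struct session s = { .limit = limit };
    for (size_t i = 0; i < n; i++)
        if (on_ping(&s) != 0) break;
    size_t held = s.queued * sizeof(struct pkt);
    session_flush(&s);
    return held;
}

int main(void) {
    printf("no cap: %zu bytes held\n", bytes_held_after(100000, 0));
    printf("capped: %zu bytes held\n", bytes_held_after(100000, MAX_QUEUED));
    return 0;
}
```

With `limit` set to 0 the memory held grows linearly with the number of pings received before key exchange completes; with a cap it stops at `MAX_QUEUED` packets and the peer is dropped.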
Affected
| Product | Version | Status |
|---|---|---|
| Fireware OS | 12.x | Resolved |
| Dimension | All | Not Affected |
| Secure Wi-Fi | All | Not Affected |
Resolution
| Product | Resolution |
|---|---|
| Fireware OS | 12.11.3 |
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
| Dimension | Dimension | Dimension |
| Firebox | Fireware OS 12.5.x | T15, T35 |
| Firebox | Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |
| Secure Wi-Fi | Wi-Fi 6 | AP130, AP330, AP332CR, AP430CR, AP432 |
| Secure Wi-Fi | Wi-Fi 4 & 5 | AP125, AP225W, AP325, AP327X, AP420 |