FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Multiple vulnerabilities in OpenSSH

Affected packages
14.2 <= FreeBSD < 14.2_2
14.1 <= FreeBSD < 14.1_8
13.4 <= FreeBSD < 13.4_4
openssh-portable < 9.9.p2_1,1
openssh-portable-hpn < 9.9.p2_1,1
openssh-portable-gssapi < 9.9.p2_1,1

Details

VuXML ID a8f1ee74-f267-11ef-87ba-002590c1f29c
Discovery 2025-02-21
Entry 2025-02-24
Modified 2025-03-08

Problem Description:

OpenSSH client host verification error (CVE-2025-26465)

ssh(1) contains a logic error that allows an on-path attacker to impersonate any server during certain conditions when the VerifyHostKeyDNS option is enabled.

OpenSSH server denial of service (CVE-2025-26466)

The OpenSSH client and server are both vulnerable to a memory/CPU denial of service while handling SSH2_MSG_PING packets.

Impact:

OpenSSH client host verification error (CVE-2025-26465)

Under specific circumstances, a machine-in-the-middle may impersonate any server when the client has the VerifyHostKeyDNS option enabled.

OpenSSH server denial of service (CVE-2025-26466)

During the processing of SSH2_MSG_PING packets, a server may be subject to a memory/CPU denial of service.

References

CVE Name CVE-2025-26465
CVE Name CVE-2025-26466
FreeBSD Advisory SA-25:05.openssh
URL https://nvd.nist.gov/vuln/detail/CVE-2025-26465
URL https://nvd.nist.gov/vuln/detail/CVE-2025-26466

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.