CVE-2025-22869

Updated on 26 Feb 2025

Severity

7.5 High severity

Details

CVSS score
7.5
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Overview

About vulnerability

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Details

Affected product:
AlmaLinux 9.2 ESU , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , Grafana , Loki , TuxCare 9.6 ESU , cloud.google.com/go , cloud.google.com/go/accessapproval , cloud.google.com/go/accesscontextmanager , cloud.google.com/go/aiplatform , cloud.google.com/go/analytics , cloud.google.com/go/apigateway , cloud.google.com/go/apigeeconnect , cloud.google.com/go/apigeeregistry , cloud.google.com/go/appengine , cloud.google.com/go/area120 , cloud.google.com/go/artifactregistry , cloud.google.com/go/asset , cloud.google.com/go/assuredworkloads , cloud.google.com/go/auth , cloud.google.com/go/automl , cloud.google.com/go/baremetalsolution , cloud.google.com/go/batch , cloud.google.com/go/beyondcorp , cloud.google.com/go/bigquery , cloud.google.com/go/bigtable , cloud.google.com/go/billing , cloud.google.com/go/binaryauthorization , cloud.google.com/go/certificatemanager , cloud.google.com/go/channel , cloud.google.com/go/cloudbuild , cloud.google.com/go/clouddms , cloud.google.com/go/cloudtasks , cloud.google.com/go/compute , cloud.google.com/go/contactcenterinsights , cloud.google.com/go/container , cloud.google.com/go/containeranalysis , cloud.google.com/go/datacatalog , cloud.google.com/go/dataflow , cloud.google.com/go/dataform , cloud.google.com/go/datafusion , cloud.google.com/go/datalabeling , cloud.google.com/go/dataplex , cloud.google.com/go/dataproc , cloud.google.com/go/dataqna , cloud.google.com/go/datastore , cloud.google.com/go/datastream , cloud.google.com/go/deploy , cloud.google.com/go/dialogflow , cloud.google.com/go/dlp , cloud.google.com/go/documentai , cloud.google.com/go/domains , cloud.google.com/go/edgecontainer , cloud.google.com/go/essentialcontacts , cloud.google.com/go/eventarc , cloud.google.com/go/filestore , cloud.google.com/go/firestore , cloud.google.com/go/functions , cloud.google.com/go/gkebackup , cloud.google.com/go/gkeconnect , cloud.google.com/go/gkehub , cloud.google.com/go/gkemulticloud , cloud.google.com/go/grafeas , 
cloud.google.com/go/gsuiteaddons , cloud.google.com/go/iam , cloud.google.com/go/iap , cloud.google.com/go/ids , cloud.google.com/go/iot , cloud.google.com/go/kms , cloud.google.com/go/language , cloud.google.com/go/lifesciences , cloud.google.com/go/logging , cloud.google.com/go/longrunning , cloud.google.com/go/managedidentities , cloud.google.com/go/maps , cloud.google.com/go/mediatranslation , cloud.google.com/go/memcache , cloud.google.com/go/metastore , cloud.google.com/go/monitoring , cloud.google.com/go/networkconnectivity , cloud.google.com/go/networkmanagement , cloud.google.com/go/networksecurity , cloud.google.com/go/notebooks , cloud.google.com/go/optimization , cloud.google.com/go/orchestration , cloud.google.com/go/orgpolicy , cloud.google.com/go/osconfig , cloud.google.com/go/oslogin , cloud.google.com/go/phishingprotection , cloud.google.com/go/policytroubleshooter , cloud.google.com/go/privatecatalog , cloud.google.com/go/pubsub , cloud.google.com/go/pubsublite , cloud.google.com/go/recaptchaenterprise , cloud.google.com/go/recommendationengine , cloud.google.com/go/recommender , cloud.google.com/go/redis , cloud.google.com/go/resourcemanager , cloud.google.com/go/resourcesettings , cloud.google.com/go/retail , cloud.google.com/go/run , cloud.google.com/go/scheduler , cloud.google.com/go/security , cloud.google.com/go/securitycenter , cloud.google.com/go/servicedirectory , cloud.google.com/go/shell , cloud.google.com/go/spanner , cloud.google.com/go/speech , cloud.google.com/go/storage , cloud.google.com/go/storagetransfer , cloud.google.com/go/talent , cloud.google.com/go/texttospeech , cloud.google.com/go/tpu , cloud.google.com/go/translate , cloud.google.com/go/video , cloud.google.com/go/videointelligence , cloud.google.com/go/vision , cloud.google.com/go/vmmigration , cloud.google.com/go/vmwareengine , cloud.google.com/go/vpcaccess , cloud.google.com/go/webrisk , cloud.google.com/go/websecurityscanner , cloud.google.com/go/workflows , 
filippo.io/age , github.com/Azure/azure-amqp-common-go , github.com/Azure/azure-event-hubs-go , github.com/Azure/azure-sdk-for-go/sdk/azcore , github.com/Azure/azure-sdk-for-go/sdk/azidentity , github.com/Azure/azure-sdk-for-go/sdk/internal , github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys , github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute , github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal , github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups , github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork , github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources , github.com/Azure/azure-sdk-for-go/sdk/storage/azblob , github.com/Azure/azure-service-bus-go , github.com/Azure/azure-storage-blob-go , github.com/Azure/go-autorest/autorest , github.com/Azure/go-autorest/autorest/adal , github.com/Azure/go-autorest/autorest/azure/auth , github.com/Azure/go-autorest/autorest/azure/cli , github.com/GoogleCloudPlatform/cloudsql-proxy , github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric , github.com/IBM/go-sdk-core , github.com/IBM/ibm-cos-sdk-go , github.com/IBM/sarama , github.com/Masterminds/sprig , github.com/ProtonMail/go-crypto , github.com/Shopify/sarama , github.com/apache/arrow/go , github.com/benmathews/bench , github.com/bketelsen/crypt , github.com/caddyserver/caddy , github.com/census-instrumentation/opencensus-proto , github.com/centrifugal/centrifuge , github.com/cloudflare/circl , github.com/cncf/xds/go , github.com/coredns/coredns , github.com/coreos/go-oidc , github.com/cortexproject/cortex , github.com/crewjam/saml , github.com/deepmap/oapi-codegen , github.com/denisenkom/go-mssqldb , github.com/envoyproxy/protoc-gen-validate , github.com/fsouza/fake-gcs-server , github.com/getsentry/sentry-go , github.com/go-acme/lego , github.com/go-jose/go-jose , github.com/go-kit/kit , github.com/go-ldap/ldap , 
github.com/go-openapi/analysis , github.com/go-openapi/loads , github.com/go-openapi/runtime , github.com/go-openapi/strfmt , github.com/go-openapi/validate , github.com/go-playground/validator , github.com/gobuffalo/genny , github.com/goccy/go-yaml , github.com/gogo/protobuf , github.com/golang-migrate/migrate , github.com/golang/mock , github.com/golang/protobuf , github.com/google/go-github , github.com/google/s2a-go , github.com/googleapis/enterprise-certificate-proxy , github.com/googleapis/gax-go , github.com/googleapis/google-cloud-go-testing , github.com/gopcua/opcua , github.com/gophercloud/gophercloud , github.com/grafana/alerting , github.com/grafana/authlib , github.com/grafana/dskit , github.com/grafana/e2e , github.com/grafana/grafana-aws-sdk , github.com/grafana/grafana-azure-sdk-go , github.com/grafana/grafana-cloud-migration-snapshot , github.com/grafana/grafana/pkg/storage/unified/resource , github.com/grafana/sqlds , github.com/grafana/tempo , github.com/grpc-ecosystem/go-grpc-middleware , github.com/gulducat/go-run-programs , github.com/hashicorp/consul , github.com/hashicorp/consul/api , github.com/hashicorp/go-discover , github.com/hashicorp/go-secure-stdlib/password , github.com/hashicorp/go-sockaddr , github.com/hashicorp/hcdiag , github.com/hashicorp/hcl , github.com/hashicorp/mdns , github.com/hashicorp/memberlist , github.com/hashicorp/raft-wal , github.com/hashicorp/serf , github.com/hashicorp/vault-plugin-auth-alicloud , github.com/hashicorp/vault/api , github.com/hashicorp/vault/api/auth/gcp , github.com/hashicorp/vault/sdk , github.com/heroku/x , github.com/influxdata/influxdb , github.com/influxdata/influxdb-client-go , github.com/influxdata/telegraf , github.com/jackc/pgconn , github.com/jackc/pgmock , github.com/jackc/pgtype , github.com/jackc/pgx , github.com/jcmturner/gokrb5 , github.com/joyent/triton-go , github.com/kataras/iris , github.com/labstack/echo , github.com/lucas-clemente/quic-go , github.com/marten-seemann/qtls , 
github.com/mholt/certmagic , github.com/microsoft/go-mssqldb , github.com/minio/minio-go , github.com/mitchellh/cli , github.com/mithrandie/csvq , github.com/mithrandie/csvq-driver , github.com/nats-io/nats-server , github.com/nats-io/nats-streaming-server , github.com/nats-io/nats.go , github.com/nats-io/nkeys , github.com/oapi-codegen/runtime , github.com/openfga/openfga , github.com/openzipkin-contrib/zipkin-go-opentracing , github.com/openzipkin/zipkin-go , github.com/pkg/sftp , github.com/pressly/goose , github.com/prometheus/alertmanager , github.com/prometheus/client_golang , github.com/prometheus/common , github.com/prometheus/exporter-toolkit , github.com/prometheus/prometheus , github.com/sacloud/libsacloud , github.com/sagikazarmark/crypt , github.com/spf13/afero , github.com/spf13/cobra , github.com/spf13/viper , github.com/substrait-io/substrait-go , github.com/thanos-io/objstore , github.com/thanos-io/thanos , github.com/twmb/franz-go , github.com/twmb/franz-go/pkg/kadm , github.com/twmb/franz-go/pkg/kfake , go.etcd.io/etcd , go.etcd.io/etcd/client , go.etcd.io/etcd/server , go.mongodb.org/mongo-driver , go.opencensus.io , gocloud.dev , golang.org/x/crypto , golang.org/x/mod , golang.org/x/net , golang.org/x/tools , golang.zx2c4.com/wireguard , golang.zx2c4.com/wireguard/wgctrl , google.golang.org/api , google.golang.org/genproto , google.golang.org/grpc , google.golang.org/protobuf , gopkg.in/macaron.v1 , k8s.io/apiserver , k8s.io/client-go , k8s.io/kube-aggregator
Affected packages:
file @ 5.33 (+418 more)

Fixes