Approved changes feed: RSS · Atom

cpe:2.3:a:openbsd:openssh:9.9:-:*:*:*:*:*:*

part: a version: 9.9 update: -

VendorOpenbsd (932cdfc2-94b9-5fb6-8ef3-d0b271f414b5)
ProductOpenssh (00fc4953-faf7-5f04-8d3d-4edd44206199)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/openssh/openssh-portable purl2cpe 2026-06-01 10:17:38.305093
pkg:mindrot/openss purl2cpe 2026-06-01 10:17:38.305095
pkg:openbsd/openssh purl2cpe 2026-06-01 10:17:38.305096
pkg:rpm/fedora/openssh purl2cpe 2026-06-01 10:17:38.305097
pkg:rpm/opensuse/openssh purl2cpe 2026-06-01 10:17:38.305099

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-26466 vulnerable 2026-06-08 07:12:51.670713 Openssh: denial-of-service in openssh
MEDIUM (5.9)
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
Published: 2025-02-28T21:25:28.861Z
Updated: 2026-06-30T00:24:46.893Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-26465 vulnerable 2026-06-08 07:12:51.659247 Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
MEDIUM (6.8)
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
Published: 2025-02-18T18:27:16.843Z
Updated: 2026-05-12T12:04:14.721Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.