CVE-2025-22869 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-22869 at MITRE

Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

SUSE information

Overall state of this security issue: New

This issue is currently rated as having important severity.

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

openSUSE-SU-2025:14843-1, published Fri Feb 28 18:50:40 2025

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Module for Package Hub 15 SP6	`govulncheck-vulndb >= 0.0.20250226T025151-150000.1.35.1`	Patchnames: SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-770
openSUSE Leap 15.6	`govulncheck-vulndb >= 0.0.20250226T025151-150000.1.35.1`	Patchnames: openSUSE-SLE-15.6-2025-770
openSUSE Tumbleweed	`govulncheck-vulndb >= 0.0.20250226T025151-1.1` `teleport >= 17.2.9-1.1` `teleport-bash-completion >= 17.2.9-1.1` `teleport-fdpass-teleport >= 17.2.9-1.1` `teleport-tbot >= 17.2.9-1.1` `teleport-tbot-bash-completion >= 17.2.9-1.1` `teleport-tbot-zsh-completion >= 17.2.9-1.1` `teleport-tctl >= 17.2.9-1.1` `teleport-tctl-bash-completion >= 17.2.9-1.1` `teleport-tctl-zsh-completion >= 17.2.9-1.1` `teleport-tsh >= 17.2.9-1.1` `teleport-tsh-bash-completion >= 17.2.9-1.1` `teleport-tsh-zsh-completion >= 17.2.9-1.1` `teleport-zsh-completion >= 17.2.9-1.1`	Patchnames: openSUSE-Tumbleweed-2025-14839 openSUSE-Tumbleweed-2025-14843

SUSE Timeline for this CVE

CVE page created: Wed Feb 26 16:00:37 2025
CVE page last modified: Wed Mar 5 01:02:30 2025