CVE-2025-22869

Medienbericht

EPSS 0.22%
Veröffentlicht 26.02.2025 08:14:24
Zuletzt bearbeitet 01.05.2025 19:28:20
Quelle security@golang.org
CVE-Watchlists
Login
Unerledigt
Login

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Go ≫ Ssh SwPlatformgo Version < 0.35.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.439

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.heise.de/news/Sicherheitsupdates-Angreifer-koennen-IBM-App-Connect-und-Storage-Scale-lahmlegen-10381087.html

Medienbericht

heise Security

09.08.2025 11:36

https://go.dev/cl/652135

Patch

https://go.dev/issue/71931

Patch

Issue Tracking

https://pkg.go.dev/vuln/GO-2025-3487

Vendor Advisory

https://security.netapp.com/advisory/ntap-20250411-0010/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-22869

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-22869

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-22869

EUVD