2248 matches found

Vulnrichment
added 2025/11/19 8:33 p.m., 3 views

CVE-2025-58181 Unbounded memory consumption in golang.org/x/crypto/ssh

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

AI score: 6.5, EPSS: 0.00512
Exploits: 0, References: 4

CVE
added 2025/11/19 8:33 p.m., 25 views

CVE-2025-58181

CVE-2025-58181 involves unbounded memory consumption due to SSH servers parsing GSSAPI authentication requests without validating the number of mechanisms. The connected AWS Linux advisories indicate the affected package is nerdctl (e.g., nerdctl-2.2.1-1.amzn2023.0.1.x86_64 with updated packages ...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00512
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2025/11/19 8:33 p.m., 9 views

CVE-2025-58181 Unbounded memory consumption in golang.org/x/crypto/ssh

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

EPSS: 0.00512
Exploits: 0, References: 4

AlpineLinux
added 2025/11/19 8:33 p.m., 2 views

CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00512
Exploits: 0

OSV
added 2025/11/19 8:11 p.m., 3 views

GO-2025-4135 Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00465
Exploits: 0, References: 3

RedhatCVE
added 2025/11/19 7:26 a.m., 5 views

CVE-2025-7623

Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...

CVSS: 5.4, AI score: 8, EPSS: 0.00234
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/11/19 6:43 a.m., 2 views

Security Bulletin: Erlang/OTP SSH Handshake Hardening Bypass Enables MitM Injection (Patched in OTP 25–27 Updates)

Summary: Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged...

CVSS: 3.7, AI score: 6.6, EPSS: 0.00439
Exploits: 0, Affected Software: 1

Positive Technologies
added 2025/11/19 12:0 a.m., 7 views

PT-2025-47532

Name of the Vulnerable Software and Affected Versions: SSH servers (affected versions not specified). Description: SSH servers that process GSSAPI authentication requests are susceptible to an issue where the number of mechanisms included in the request is not validated. This can lead to excessive...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00512
Exploits: 0

Positive Technologies
added 2025/11/19 12:0 a.m., 6 views

PT-2025-47531

Name of the Vulnerable Software and Affected Versions: SSH Agent (affected versions not specified). Description: SSH Agent servers do not properly check the size of messages when handling new identity requests. This can lead to a program crash, specifically a panic, if a deliberately crafted, malforme...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00465
Exploits: 0

Vulnrichment
added 2025/11/18 6:40 p.m., 3 views

CVE-2025-37155 Authenticated Privilege Escalation Allows Unauthorized Access in Network Management Interface

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00102
Exploits: 0, References: 1

CVE
added 2025/11/18 7:5 a.m., 9 views

CVE-2025-7623

CVE-2025-7623 affects the SMASH-CLP shell on the BMC firmware OS. The root cause is a stack-based overflow in a 260-byte stack buffer, exploitable by an authenticated attacker who has SSH access to the BMC. An attacker can craft a SMASH command to overwrite the return address and registers, poten...

CVSS: 5.4, AI score: 7.7, EPSS: 0.00234
Exploits: 0, References: 1

Positive Technologies
added 2025/11/18 12:0 a.m., 5 views

PT-2025-47375

Name of the Vulnerable Software and Affected Versions: Network management services (affected versions not specified). Description: A flaw exists in the SSH restricted shell interface of network management services, leading to improper access control for authenticated read-only users. Successful...

CVSS: 7.8, AI score: 6.2, EPSS: 0.00102
Exploits: 0, References: 5

Tenable Nessus
added 2025/11/14 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libssh (UTSA-2025-990914)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990914 advisory. A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsiste...

CVSS: 8.8, AI score: 7, EPSS: 0.00407
Exploits: 0, References: 4

OSV
added 2025/11/13 10:15 p.m., 3 views

CVE-2025-47913

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...

CVSS: 7.5, AI score: 5.8
Exploits: 0, References: 4

OSV
added 2025/11/13 10:15 p.m., 2 views

AZL-70343 CVE-2025-47913 affecting package telegraf for versions less than 1.31.0-11

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00579
Exploits: 1, References: 1

OSV
added 2025/11/13 10:15 p.m., 0 views

AZL-70334 CVE-2025-47913 affecting package kubevirt for versions less than 1.5.3-2

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00579
Exploits: 1, References: 1

OSV
added 2025/11/13 10:15 p.m., 3 views

AZL-70325 CVE-2025-47913 affecting package packer for versions less than 1.9.5-16

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00579
Exploits: 1, References: 1

NVD
added 2025/11/13 10:15 p.m., 7 views

CVE-2025-47913

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...

CVSS: 7.5, EPSS: 0.00579
Exploits: 1, References: 4

OSV
added 2025/11/13 10:15 p.m., 1 views

UBUNTU-CVE-2025-47913

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00579
Exploits: 1, References: 4

OSV
added 2025/11/13 9:12 p.m., 5 views

GO-2025-4116 Potential denial of service in golang.org/x/crypto/ssh/agent

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00579
Exploits: 1, References: 3