CVE-2025-22869

EUVD-2025-5340
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
gossh
𝑥
< 0.35.0
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
apptainer
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
apptainer-sle15_6
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
buildah
suse enterprise sap 15 SP6
1.35.5-150500.3.34.1
fixed
suse enterprise sap 15 SP7
1.35.5-150500.3.34.1
fixed
suse enterprise server 15 SP2
1.25.1-150100.3.28.1
fixed
suse enterprise server 15 SP3
1.35.5-150300.8.39.1
fixed
suse enterprise server 15 SP4
1.35.5-150400.3.45.1
fixed
suse enterprise server 15 SP5
1.35.5-150500.3.34.1
fixed
suse enterprise server 15 SP6
1.35.5-150500.3.34.1
fixed
suse enterprise server 15 SP7
1.35.5-150500.3.34.1
fixed
cosign
suse enterprise desktop 15 SP6
2.5.0-150400.3.27.1
fixed
suse enterprise desktop 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise sap 15 SP6
2.5.0-150400.3.27.1
fixed
suse enterprise sap 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP4
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP5
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP6
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP7
2.5.0-150400.3.27.1
fixed
cosign-bash-completion
suse enterprise desktop 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise sap 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP7
2.5.0-150400.3.27.1
fixed
cosign-zsh-completion
suse enterprise desktop 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise sap 15 SP7
2.5.0-150400.3.27.1
fixed
suse enterprise server 15 SP7
2.5.0-150400.3.27.1
fixed
libsquashfuse0
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
podman
suse enterprise sap 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.40.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.49.2
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.47.2
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.40.1
fixed
podman-docker
suse enterprise sap 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.40.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.47.2
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.40.1
fixed
podman-remote
suse enterprise sap 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.40.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.49.2
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.47.2
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.40.1
fixed
podmansh
suse enterprise sap 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.40.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.43.2
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.40.1
fixed
rekor
suse enterprise desktop 15 SP6
1.3.10-150400.4.25.1
fixed
suse enterprise desktop 15 SP7
1.3.10-150400.4.25.1
fixed
suse enterprise sap 15 SP6
1.3.10-150400.4.25.1
fixed
suse enterprise sap 15 SP7
1.3.10-150400.4.25.1
fixed
suse enterprise server 15 SP4
1.3.10-150400.4.25.1
fixed
suse enterprise server 15 SP5
1.3.10-150400.4.25.1
fixed
suse enterprise server 15 SP6
1.3.10-150400.4.25.1
fixed
suse enterprise server 15 SP7
1.3.10-150400.4.25.1
fixed
squashfuse
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
squashfuse-tools
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
terraform-provider-aws
suse enterprise sap 15 SP4
3.11.0-150200.6.12.1
fixed
suse enterprise sap 15 SP5
3.11.0-150200.6.12.1
fixed
suse enterprise server 15 SP4
3.11.0-150200.6.12.1
fixed
suse enterprise server 15 SP5
3.11.0-150200.6.12.1
fixed
terraform-provider-azurerm
suse enterprise sap 15 SP4
2.32.0-150200.6.6.1
fixed
suse enterprise sap 15 SP5
2.32.0-150200.6.6.1
fixed
suse enterprise server 15 SP4
2.32.0-150200.6.6.1
fixed
suse enterprise server 15 SP5
2.32.0-150200.6.6.1
fixed
terraform-provider-external
suse enterprise sap 15 SP4
2.0.0-150200.6.6.1
fixed
suse enterprise sap 15 SP5
2.0.0-150200.6.6.1
fixed
suse enterprise server 15 SP4
2.0.0-150200.6.6.1
fixed
suse enterprise server 15 SP5
2.0.0-150200.6.6.1
fixed
terraform-provider-google
suse enterprise sap 15 SP4
3.43.0-150200.6.6.1
fixed
suse enterprise sap 15 SP5
3.43.0-150200.6.6.1
fixed
suse enterprise server 15 SP4
3.43.0-150200.6.6.1
fixed
suse enterprise server 15 SP5
3.43.0-150200.6.6.1
fixed
terraform-provider-helm
suse enterprise sap 15 SP4
2.9.0-150200.6.17.1
fixed
suse enterprise sap 15 SP5
2.9.0-150200.6.17.1
fixed
suse enterprise server 15 SP4
2.9.0-150200.6.17.1
fixed
suse enterprise server 15 SP5
2.9.0-150200.6.17.1
fixed
terraform-provider-kubernetes
suse enterprise sap 15 SP4
1.13.2-150200.6.6.1
fixed
suse enterprise sap 15 SP5
1.13.2-150200.6.6.1
fixed
suse enterprise server 15 SP4
1.13.2-150200.6.6.1
fixed
suse enterprise server 15 SP5
1.13.2-150200.6.6.1
fixed
terraform-provider-local
suse enterprise sap 15 SP4
2.0.0-150200.6.11.1
fixed
suse enterprise sap 15 SP5
2.0.0-150200.6.11.1
fixed
suse enterprise server 15 SP4
2.0.0-150200.6.11.1
fixed
suse enterprise server 15 SP5
2.0.0-150200.6.11.1
fixed
terraform-provider-random
suse enterprise sap 15 SP4
3.0.0-150200.6.9.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.6.9.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.6.9.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.6.9.1
fixed
terraform-provider-tls
suse enterprise sap 15 SP4
3.0.0-150200.5.9.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.5.9.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.5.9.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.5.9.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gvisor-tap-vsock
RHEL 9
6:0.8.5-1.el9_6
fixed
gvisor-tap-vsock-gvforwarder
RHEL 9
6:0.8.5-1.el9_6
fixed
podman
RHEL 9
5:5.4.0-9.el9_6
fixed
podman-docker
RHEL 9
5:5.4.0-9.el9_6
fixed
podman-plugins
RHEL 9
5:5.4.0-9.el9_6
fixed
podman-remote
RHEL 9
5:5.4.0-9.el9_6
fixed
podman-tests
RHEL 9
5:5.4.0-9.el9_6
fixed
Common Weakness Enumeration
References
https://go.dev/cl/652135
https://go.dev/issue/71931
https://pkg.go.dev/vuln/GO-2025-3487
https://security.netapp.com/advisory/ntap-20250411-0010/