Bug 2348367 (CVE-2025-22869) - CVE-2025-22869 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
Keywords:
Status: NEW
Alias: CVE-2025-22869
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2348771 2348772 2350750 2350751 2350752 2350753 2350754 2350757 2350758 2350759 2350760 2350761 2350764 2350765 2350767 2350768 2350770 2350771 2350772 2350775 2350776 2350777 2350778 2350779 2350780 2350781 2350782 2350783 2350784 2350785 2350786 2350788 2350789 2350790 2350791 2350794 2350795 2350797 2350798 2350801 2350802 2350804 2350805 2350806 2350808 2350809 2350810 2350811 2350817 2350819 2350820 2350821 2350822 2350823 2350824 2350825 2350826 2350827 2350828 2350830 2350837 2350838 2350840 2350841 2350844 2350845 2350847 2350749 2350755 2350756 2350762 2350763 2350766 2350769 2350773 2350774 2350787 2350792 2350793 2350796 2350799 2350800 2350803 2350807 2350812 2350813 2350814 2350815 2350816 2350818 2350829 2350831 2350832 2350833 2350834 2350835 2350836 2350839 2350842 2350843 2350846 2361094
Blocks:
Reported: 2025-02-26 04:01 UTC by OSIDB Bzimport
Modified: 2025-05-13 15:58 UTC (History)

Fixed In Version: v0.35.0
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:3273 0 None None None 2025-03-26 14:58:11 UTC
Red Hat Product Errata RHSA-2025:3051 0 None None None 2025-03-20 04:38:12 UTC
Red Hat Product Errata RHSA-2025:3052 0 None None None 2025-03-20 04:53:27 UTC
Red Hat Product Errata RHSA-2025:3053 0 None None None 2025-03-20 04:56:02 UTC
Red Hat Product Errata RHSA-2025:3165 0 None None None 2025-03-25 14:22:59 UTC
Red Hat Product Errata RHSA-2025:3172 0 None None None 2025-03-25 19:59:16 UTC
Red Hat Product Errata RHSA-2025:3175 0 None None None 2025-03-25 18:07:10 UTC
Red Hat Product Errata RHSA-2025:3184 0 None None None 2025-03-25 20:32:08 UTC
Red Hat Product Errata RHSA-2025:3185 0 None None None 2025-03-25 20:33:02 UTC
Red Hat Product Errata RHSA-2025:3186 0 None None None 2025-03-25 20:38:07 UTC
Red Hat Product Errata RHSA-2025:3210 0 None None None 2025-03-26 02:10:35 UTC
Red Hat Product Errata RHSA-2025:3266 0 None None None 2025-03-26 14:21:09 UTC
Red Hat Product Errata RHSA-2025:3268 0 None None None 2025-03-26 14:23:54 UTC
Red Hat Product Errata RHSA-2025:3336 0 None None None 2025-03-27 14:57:26 UTC
Red Hat Product Errata RHSA-2025:3498 0 None None None 2025-04-01 21:01:25 UTC
Red Hat Product Errata RHSA-2025:3685 0 None None None 2025-04-08 12:59:34 UTC
Red Hat Product Errata RHSA-2025:3763 0 None None None 2025-04-09 16:38:30 UTC
Red Hat Product Errata RHSA-2025:3833 0 None None None 2025-04-14 09:17:16 UTC
Red Hat Product Errata RHSA-2025:3863 0 None None None 2025-04-14 18:00:55 UTC
Red Hat Product Errata RHSA-2025:3932 0 None None None 2025-04-15 21:50:34 UTC
Red Hat Product Errata RHSA-2025:3959 0 None None None 2025-04-16 18:10:26 UTC
Red Hat Product Errata RHSA-2025:4002 0 None None None 2025-04-17 22:09:54 UTC
Red Hat Product Errata RHSA-2025:4012 0 None None None 2025-04-23 12:41:55 UTC
Red Hat Product Errata RHSA-2025:4502 0 None None None 2025-05-06 06:30:51 UTC
Red Hat Product Errata RHSA-2025:4511 0 None None None 2025-05-06 07:15:43 UTC
Red Hat Product Errata RHSA-2025:7391 0 None None None 2025-05-13 11:51:14 UTC
Red Hat Product Errata RHSA-2025:7416 0 None None None 2025-05-13 11:54:17 UTC
Red Hat Product Errata RHSA-2025:7462 0 None None None 2025-05-13 15:55:54 UTC
Red Hat Product Errata RHSA-2025:7484 0 None None None 2025-05-13 15:58:20 UTC

Description OSIDB Bzimport 2025-02-26 04:01:10 UTC
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Comment 3 Lokesh Mandvekar 2025-03-10 10:53:41 UTC
Is there any info on what releases of x/crypto this is fixed in? I don't see anything relevant in here, Mitre, NVD or even the actual change page on googlesource.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869
https://nvd.nist.gov/vuln/detail/CVE-2025-22869
https://go-review.googlesource.com/c/crypto/+/652135

Comment 4 Nick Carboni 2025-03-10 13:40:59 UTC
Based on https://pkg.go.dev/vuln/GO-2025-3487 it looks like this has been fixed in versions v0.35.0 and later
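A defender-side check for the fixed version named in this report (v0.35.0), as an added example that is not part of the bug report or of the golang.org/x/crypto project: it reads a go.mod and reports whether the required golang.org/x/crypto predates the fix. The sample go.mod, the `example.com/...` module names and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const modulePath = "golang.org/x/crypto"

var fixed = [3]int{0, 35, 0} // v0.35.0, the fixed version given on this page

// Constructed sample go.mod; module names other than x/crypto are hypothetical.
const sampleGoMod = "module example.com/sftpd\n\ngo 1.22\n\nrequire (\n" +
	"\texample.com/sftplib v1.2.0\n\tgolang.org/x/crypto v0.31.0 // indirect\n)\n"

// isFixed reports whether v is at or above v0.35.0. Pseudo-versions and
// pre-releases (anything with a "-" suffix) sort below the same core version.
func isFixed(v string) (bool, error) {
	v, _, _ = strings.Cut(v, "+") // ignore build metadata
	core, _, hasPre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return false, fmt.Errorf("not a semantic version: %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return false, fmt.Errorf("not a semantic version: %q", v)
		}
		if n != fixed[i] {
			return n > fixed[i], nil
		}
	}
	return !hasPre, nil
}

// requiredVersion returns the x/crypto version listed in a go.mod's require
// directives. replace directives are not evaluated.
func requiredVersion(goMod string) (string, bool) {
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop trailing comments
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // single-line form: require <path> <version>
		}
		if len(f) == 2 && f[0] == modulePath {
			return f[1], true
		}
	}
	return "", false
}

func main() {
	v, _ := requiredVersion(sampleGoMod)
	ok, err := isFixed(v)
	fmt.Println(modulePath, v, "fixed:", ok, "err:", err)
}
```

Running `go list -m golang.org/x/crypto` in the module directory reports the version the build actually selects, including the effect of any replace directive.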

Comment 6 errata-xmlrpc 2025-03-20 04:38:09 UTC
This issue has been addressed in the following products:

  gatekeeper 3.17 for RHEL 9

Via RHSA-2025:3051 https://access.redhat.com/errata/RHSA-2025:3051

Comment 7 errata-xmlrpc 2025-03-20 04:53:23 UTC
This issue has been addressed in the following products:

  gatekeeper 3.18 for RHEL 9

Via RHSA-2025:3052 https://access.redhat.com/errata/RHSA-2025:3052

Comment 8 errata-xmlrpc 2025-03-20 04:55:58 UTC
This issue has been addressed in the following products:

  gatekeeper 3.15 for RHEL 9

Via RHSA-2025:3053 https://access.redhat.com/errata/RHSA-2025:3053

Comment 9 errata-xmlrpc 2025-03-25 14:22:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:3165 https://access.redhat.com/errata/RHSA-2025:3165

Comment 10 errata-xmlrpc 2025-03-25 18:07:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:3175 https://access.redhat.com/errata/RHSA-2025:3175

Comment 11 errata-xmlrpc 2025-03-25 19:59:13 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9

Via RHSA-2025:3172 https://access.redhat.com/errata/RHSA-2025:3172

Comment 12 errata-xmlrpc 2025-03-25 20:32:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:3184 https://access.redhat.com/errata/RHSA-2025:3184

Comment 13 errata-xmlrpc 2025-03-25 20:32:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:3185 https://access.redhat.com/errata/RHSA-2025:3185

Comment 14 errata-xmlrpc 2025-03-25 20:38:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:3186 https://access.redhat.com/errata/RHSA-2025:3186

Comment 15 errata-xmlrpc 2025-03-26 02:10:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:3210 https://access.redhat.com/errata/RHSA-2025:3210

Comment 16 errata-xmlrpc 2025-03-26 14:21:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:3266 https://access.redhat.com/errata/RHSA-2025:3266

Comment 17 errata-xmlrpc 2025-03-26 14:23:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:3268 https://access.redhat.com/errata/RHSA-2025:3268

Comment 18 errata-xmlrpc 2025-03-27 14:57:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:3336 https://access.redhat.com/errata/RHSA-2025:3336

Comment 23 errata-xmlrpc 2025-04-01 21:01:21 UTC
This issue has been addressed in the following products:

  multicluster-globalhub 1.2 for RHEL 9

Via RHSA-2025:3498 https://access.redhat.com/errata/RHSA-2025:3498

Comment 24 errata-xmlrpc 2025-04-08 12:59:31 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 8
  Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9

Via RHSA-2025:3685 https://access.redhat.com/errata/RHSA-2025:3685

Comment 25 errata-xmlrpc 2025-04-09 16:38:26 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.13 for RHEL 9

Via RHSA-2025:3763 https://access.redhat.com/errata/RHSA-2025:3763

Comment 26 errata-xmlrpc 2025-04-14 09:17:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:3833 https://access.redhat.com/errata/RHSA-2025:3833

Comment 27 errata-xmlrpc 2025-04-14 18:00:52 UTC
This issue has been addressed in the following products:

  multicluster-globalhub 1.3 for RHEL 9

Via RHSA-2025:3863 https://access.redhat.com/errata/RHSA-2025:3863

Comment 28 errata-xmlrpc 2025-04-15 21:50:30 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Dev Spaces 3 Containers

Via RHSA-2025:3932 https://access.redhat.com/errata/RHSA-2025:3932

Comment 29 errata-xmlrpc 2025-04-16 18:10:22 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9

Via RHSA-2025:3959 https://access.redhat.com/errata/RHSA-2025:3959

Comment 30 errata-xmlrpc 2025-04-17 22:09:50 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9

Via RHSA-2025:4002 https://access.redhat.com/errata/RHSA-2025:4002

Comment 32 errata-xmlrpc 2025-04-23 12:41:50 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:4012 https://access.redhat.com/errata/RHSA-2025:4012

Comment 34 errata-xmlrpc 2025-05-06 06:30:46 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9

Via RHSA-2025:4502 https://access.redhat.com/errata/RHSA-2025:4502

Comment 35 errata-xmlrpc 2025-05-06 07:15:38 UTC
This issue has been addressed in the following products:

  RHODF-4.18-RHEL-9

Via RHSA-2025:4511 https://access.redhat.com/errata/RHSA-2025:4511

Comment 37 errata-xmlrpc 2025-05-13 11:51:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7391 https://access.redhat.com/errata/RHSA-2025:7391

Comment 38 errata-xmlrpc 2025-05-13 11:54:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7416 https://access.redhat.com/errata/RHSA-2025:7416

Comment 39 errata-xmlrpc 2025-05-13 15:55:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7462 https://access.redhat.com/errata/RHSA-2025:7462

Comment 40 errata-xmlrpc 2025-05-13 15:58:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7484 https://access.redhat.com/errata/RHSA-2025:7484
