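PoC details: 55b450cbc722e12bce9ee1c4d177c1e36fd62f66

Source
Related vulnerability
Title: OpenSSH: Denial-of-service vulnerability in OpenSSH (CVE-2025-26466)
Description: A vulnerability was found in the OpenSSH package. For every ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in the packet queue. These packets are only freed once the server/client key exchange has completed. A malicious client can keep sending such packets, causing unbounded growth in memory consumption on the server side. As a result, the server may become unavailable, leading to a denial-of-service attack.
Description
OpenSSH server 9.5p1 - 9.9p1 DoS (PoC)
Introduction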
# OpenSSH DoS Exploit (CVE-2025-26466)

<img width="1018" alt="Screenshot 2025-02-18 at 23 28 46" src="https://github.com/user-attachments/assets/c6188478-9d1d-481c-a5b3-df1f5ac434a1" />


## Description
This exploit targets a denial-of-service (DoS) vulnerability in OpenSSH (CVE-2025-26466). The vulnerability allows unauthenticated attackers to consume excessive memory and CPU resources by sending a large number of specially crafted SSH2_MSG_PING packets during the key exchange process. This can cause the SSH server to become unresponsive or crash due to resource exhaustion.

## Affected Versions
- OpenSSH 9.5p1 - 9.9p1 are vulnerable.
- Earlier versions are not affected unless the vulnerable feature has been manually patched in.

## How It Works
- The script establishes multiple connections to the target SSH server.
- It sends a large volume of SSH2_MSG_PING packets.
- The server buffers responses indefinitely, leading to high RAM consumption.
- If enough packets are sent, the server's memory and CPU usage will spike, causing a DoS condition.

## Usage
```sh
python3 CVE-2025-26466.py --host <target_ip> --port 22 --count 500 --threads 100000000
```

### Parameters:
- `--host` : Target SSH server IP address.
- `--port` : Target SSH port (default: 22).
- `--count` : Number of packets to send (default: 500).
- `--threads` : Number of concurrent attack threads (default: 100000000).

## Mitigation
- Upgrade OpenSSH to a patched version that mitigates CVE-2025-26466.
- Configure `LoginGraceTime`, `MaxStartups`, and `PerSourcePenalties` to limit unauthenticated connections.
- Use firewall rules to rate-limit SSH connections.
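
A defender-side check for the settings listed above, as an added example (not part of the original README or the PoC script). It reads text in the shape of `sshd -T` output and flags the three options, and compares a version banner against the range given under Affected Versions. The sample config, the function names and the `max_full` ceiling are assumptions made for this example.

```python
import re

# Constructed sample in the shape of `sshd -T` output (effective config).
SAMPLE_SSHD_T = """\
port 22
logingracetime 0
maxstartups 100:30:500
persourcepenalties no
"""

def is_affected(banner):
    """True if the banner version is in the README's range, 9.5p1 - 9.9p1.
    A banner is only a hint: distributions backport fixes without renaming."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        return False
    # A missing pN suffix is treated as p1 (assumption for this example).
    ver = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 1))
    return (9, 5, 1) <= ver <= (9, 9, 1)

def audit(sshd_t_output, max_full=100):
    """Return findings for the three settings named under Mitigation.
    max_full is an assumed local ceiling (OpenSSH's default is 10:30:100)."""
    cfg = {}
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            cfg[key.lower()] = value.strip()
    findings = []
    if cfg.get("logingracetime") == "0":
        findings.append("LoginGraceTime 0: unauthenticated sessions never time out")
    full = cfg.get("maxstartups", "").split(":")[-1]
    if full.isdigit() and int(full) > max_full:
        findings.append(f"MaxStartups: hard limit {full} exceeds {max_full}")
    psp = cfg.get("persourcepenalties")
    if psp is None:
        findings.append("PerSourcePenalties: not reported by this sshd")
    elif psp == "no":
        findings.append("PerSourcePenalties: disabled")
    return findings

if __name__ == "__main__":
    print(is_affected("SSH-2.0-OpenSSH_9.6p1"))
    for finding in audit(SAMPLE_SSHD_T):
        print(finding)
```

On a live host, pass the output of `sshd -T` (run as root) to `audit()` instead of the constructed sample.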

## Disclaimer
This script is provided for educational and testing purposes only. Use it only on systems you have explicit permission to test. Unauthorized use against third-party systems may be illegal and is strictly prohibited.
File snapshot

```
[4.0K] /data/pocs/55b450cbc722e12bce9ee1c4d177c1e36fd62f66
├── [1.9K] CVE-2025-26466.py
└── [1.8K] README.md

0 directories, 2 files
```