CVE-2025-22869

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

https://gitlab.opencode.de/open-code/badgebackend/badge-api/-/issues/14

Open

LOW (1.4)

T
Tim Bastin detected CVE-2025-22869 with a risk of 2.12
main
System updated the risk assessment from 2.12 to 1.41
main
System recalculated raw risk assessment
System updated the risk assessment from 1.41 to 4.25
main
System recalculated raw risk assessment
T
Tim Bastin detected CVE-2025-22869 with scanner: container-scanning
main
System updated the risk assessment from 4.25 to 0.86
main
System recalculated raw risk assessment
System updated the risk assessment from 0.86 to 1.41
main
System recalculated raw risk assessment
System created a ticket for CVE-2025-22869
main
Everything after this entry will be synced with the external system. The ticket can be found at https://gitlab.opencode.de/open-code/badgebackend/badge-api/-/issues/14

Add a comment

Comment will be synced with https://gitlab.opencode.de/open-code/badgebackend/badge-api/-/issues/14

Last calculated at:

Affected component

golang.org/x/crypto

Installed version:

0.32.0

Fixed in:

v0.35.0

Show in dependency graph

Quick Fix

Update all Dependencies

Update only golang.org/x/crypto