[ASA-202506-9] sslh: denial of service
Arch Linux Security Advisory ASA-202506-9
=========================================
Severity: Medium
Date : 2025-06-21
CVE-ID : CVE-2025-46807
Package : sslh
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-2902
Summary
=======
The package sslh before version 2.2.4-1 is vulnerable to denial of
service.
Resolution
==========
Upgrade to 2.2.4-1.
# pacman -Syu "sslh>=2.2.4-1"
The problem has been fixed upstream in version 2.2.4.
Workaround
==========
None.
Description
===========
An Allocation of Resources Without Limits or Throttling vulnerability in
sslh allows attackers to easily exhaust the file descriptors in sslh
and deny legitimate users service.
Impact
======
A remote attacker could exhaust file descriptors by opening multiple
incomplete connections, leading to denial of service.
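
To watch for the condition described above on a host that still runs an
affected version, the following added example (not part of the advisory or of
sslh) compares a process's open descriptors with its soft open-file limit as
shown under /proc. The function names, the 80% warning threshold, the --live
switch and matching processes by the name "sslh" are assumptions.

```sh
#!/bin/sh
# Added example: report how close a process is to its open-file limit.
# Functions take a /proc/<pid>-style directory so they can be tested on a
# constructed tree. Reading another user's /proc/<pid>/fd requires root.

# fd_usage DIR -> prints "<open> <soft_limit> <percent>", returns 1 if unreadable
fd_usage() {
    dir=$1
    [ -d "$dir/fd" ] && [ -r "$dir/fd" ] && [ -r "$dir/limits" ] || return 1
    # /proc/<pid>/fd holds one entry per open descriptor
    open=$(find "$dir/fd" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' ')
    # "Max open files <soft> <hard> files": the soft limit is field 4
    soft=$(awk '/^Max open files/ { print $4 }' "$dir/limits")
    case $soft in
        ''|*[!0-9]*) return 1 ;;   # missing or non-numeric limit
    esac
    [ "$soft" -gt 0 ] || return 1
    echo "$open $soft $((open * 100 / soft))"
}

# fd_status DIR [WARN_PCT] -> prints "OK ...", "WARN ..." or "UNKNOWN"
# WARN_PCT defaults to 80 (an assumed threshold, tune per deployment).
fd_status() {
    warn=${2:-80}
    usage=$(fd_usage "$1") || { echo "UNKNOWN"; return 0; }
    pct=${usage##* }
    if [ "$pct" -ge "$warn" ]; then
        echo "WARN $usage"
    else
        echo "OK $usage"
    fi
}

# With --live, check every running process whose name contains "sslh"
# (assumed process name; adjust to the binary actually deployed).
if [ "${1:-}" = "--live" ]; then
    for pid in $(pgrep sslh); do
        echo "pid $pid: $(fd_status "/proc/$pid")"
    done
fi
```

A WARN result on a listener that normally sits far below its limit is a cue to
look at the number of half-open client connections and to schedule the upgrade.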
References
==========
https://security.opensuse.org/2025/06/13/sslh-denial-of-service-vulnerabilities.html#issue-segfault
https://github.com/yrutschle/sslh/commit/ff8206f7c8a47f901b78a1b78db5a4c788f6aa6f
https://github.com/yrutschle/sslh/releases/tag/v2.2.4
https://security.archlinux.org/CVE-2025-46807