Описание
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
Отчет
The Red Hat Product Security Team does not consider this issue to be a security flaw, for more information please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1384860#c5
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssh | Not affected | ||
| Red Hat Enterprise Linux 6 | openssh | Not affected | ||
| Red Hat Enterprise Linux 7 | openssh | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.8 Medium
CVSS3
5 Medium
CVSS2
Связанные уязвимости
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through ...
** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
Уязвимость средства криптографической защиты OpenSSH, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.8 Medium
CVSS3
5 Medium
CVSS2