Описание
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| plucky | needs-triage | |
| questing | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | pending | 20250506.01-0ubuntu2 |
| esm-apps/bionic | released | 20241011.01-0ubuntu1~18.04.0+esm2 |
| esm-apps/xenial | released | 20240716.00-0ubuntu1~16.04.0+esm2 |
| esm-infra/focal | released | 20250116.00-0ubuntu1~20.04.0+esm2 |
| jammy | released | 20250116.00-0ubuntu1~22.04.2 |
| noble | released | 20250116.00-0ubuntu1~24.04.3 |
| plucky | released | 20250116.00-0ubuntu2.2 |
| questing | released | 20250506.01-0ubuntu1.1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | not-affected | code-not-present |
| esm-infra/bionic | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| plucky | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| plucky | needs-triage | |
| questing | needs-triage | |
| snap | needs-triage | |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
SSH servers parsing GSSAPI authentication requests do not validate the ...
golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption
Уязвимость SSH-сервера библиотеки для языка программирования Go crypto, позволяющая нарушителю оказать воздействие на доступность защищаемой информации
EPSS
5.3 Medium
CVSS3