| ID |
CVE-2016-8858
|
| Summary |
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:7.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:7.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
-
cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.8 (as of 11-04-2024 - 00:56) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
| refmap
via4
|
| bid | 93776 | | confirm | https://security.netapp.com/advisory/ntap-20180201-0001/ | | freebsd | FreeBSD-SA-16:33 | | gentoo | GLSA-201612-18 | | misc | | | mlist | - [oss-security] 20161019 CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH
- [oss-security] 20161020 Re: Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH
| | sectrack | 1037057 |
|
| Last major update |
11-04-2024 - 00:56 |
| Published |
09-12-2016 - 11:59 |
| Last modified |
11-04-2024 - 00:56 |
