Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for openssh by Ubuntu

    CVE-2026-3497 (GCVE-0-2026-3497)

    Vulnerability from nvd – Published: 2026-03-12 18:27 – Updated: 2026-06-30 12:09
    VLAI
    Summary
    Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of Uninitialized Resource
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    References
    URL Tags
    https://ubuntu.com/security/CVE-2026-3497 vdb-entry
    https://www.openwall.com/lists/oss-security/2026/…
    http://www.openwall.com/lists/oss-security/2026/03/12/3
    http://www.openwall.com/lists/oss-security/2026/03/14/3
    http://www.openwall.com/lists/oss-security/2026/03/14/4
    http://www.openwall.com/lists/oss-security/2026/03/18/2
    http://www.openwall.com/lists/oss-security/2026/03/18/4
    http://www.openwall.com/lists/oss-security/2026/03/18/5
    http://www.openwall.com/lists/oss-security/2026/03/18/7
    https://lists.debian.org/debian-lts-announce/2026…
    https://access.redhat.com/security/cve/CVE-2026-3497 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2447085 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:21695 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13812 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17596 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:12071 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20040 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7107 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6463 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6461 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15891 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15893 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13750 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10714 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9732 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9415 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6462 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19724 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19725 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16008 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16030 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16009 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16174 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:5475 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10065 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Ubuntu openssh Affected: 1:10.0p1-5ubuntu5 , < 1:10.0p1-5ubuntu5.1 (dpkg)
    Affected: 1:9.6p1-3ubuntu13 , < 1:9.6p1-3ubuntu13.15 (dpkg)
    Affected: 1:8.9p1-3 , < 1:8.9p1-3ubuntu0.14 (dpkg)
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Middleware Containers for OpenShift     cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.2     cpe:/a:redhat:ai_inference_server:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3     cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Update Infrastructure 5     cpe:/a:redhat:rhui:5::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Date Public
    2026-03-12 18:00
    Credits
    Jeremy Brown
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3497",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T19:04:05.760026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T19:04:27.229Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-16T18:24:30.556Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/12/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/14/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/14/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/18/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/18/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/18/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/18/7"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhosemc:1.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Middleware Containers for OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhui:5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Update Infrastructure 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "unknown",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "unknown",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-12T18:27:44.917Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the OpenSSH GSSAPI (Generic Security Service Application Program Interface) delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the `sshpkt_disconnect()` function, when called on an error, does not properly terminate the process, leading to the continued execution of the program with uninitialized connection variables. Accessing these uninitialized variables can lead to undefined behavior, potentially resulting in information disclosure or a denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-824",
                    "description": "Access of Uninitialized Pointer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:09:26.342Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-3497"
              },
              {
                "name": "RHBZ#2447085",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3497.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21695"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13812"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21690"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17596"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12071"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20040"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7107"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6463"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6461"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15891"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15893"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14924"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13750"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10714"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9732"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9415"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6462"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25096"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19724"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19725"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16008"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16030"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16174"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:5475"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10065"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:21695: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13812: Middleware Containers for OpenShift"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21690: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20087: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17596: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12071: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20040: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7107: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6463: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6461: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15891: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15893: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14924: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13750: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10714: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9732: Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9415: Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6462: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25096: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19724: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19725: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16008: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16030: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16009: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16174: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:5475: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10065: Red Hat Update Infrastructure 5"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-12T19:01:37.007Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-12T18:27:44.917Z",
                "value": "Made public."
              }
            ],
            "title": "openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, disable GSSAPI key exchange in the OpenSSH server configuration. This prevents the server from processing GSSAPI messages, eliminating the vulnerability\u0027s attack surface.\n\nEdit `/etc/ssh/sshd_config` and add or modify the line:\n```\nGSSAPIKeyExchange no\n```\n\nAfter saving the changes, restart the `sshd` service for the mitigation to take effect. This action will prevent users from authenticating via GSSAPI.\n\n```\n# systemctl restart sshd\n```"
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://launchpad.net/ubuntu/",
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "openssh",
              "repo": "https://launchpad.net/ubuntu/+source/openssh",
              "vendor": "Ubuntu",
              "versions": [
                {
                  "lessThan": "1:10.0p1-5ubuntu5.1",
                  "status": "affected",
                  "version": "1:10.0p1-5ubuntu5",
                  "versionType": "dpkg"
                },
                {
                  "lessThan": "1:9.6p1-3ubuntu13.15",
                  "status": "affected",
                  "version": "1:9.6p1-3ubuntu13",
                  "versionType": "dpkg"
                },
                {
                  "lessThan": "1:8.9p1-3ubuntu0.14",
                  "status": "affected",
                  "version": "1:8.9p1-3",
                  "versionType": "dpkg"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jeremy Brown"
            }
          ],
          "datePublic": "2026-03-12T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908 Use of Uninitialized Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:44:06.073Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://ubuntu.com/security/CVE-2026-3497"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2026/03/12/3"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2026-3497",
        "datePublished": "2026-03-12T18:27:44.917Z",
        "dateReserved": "2026-03-03T19:33:05.664Z",
        "dateUpdated": "2026-06-30T12:09:26.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3497 (GCVE-0-2026-3497)

    Vulnerability from cvelistv5 – Published: 2026-03-12 18:27 – Updated: 2026-06-30 12:09
    VLAI
    Summary
    Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of Uninitialized Resource
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    References
    URL Tags
    https://ubuntu.com/security/CVE-2026-3497 vdb-entry
    https://www.openwall.com/lists/oss-security/2026/…
    http://www.openwall.com/lists/oss-security/2026/03/12/3
    http://www.openwall.com/lists/oss-security/2026/03/14/3
    http://www.openwall.com/lists/oss-security/2026/03/14/4
    http://www.openwall.com/lists/oss-security/2026/03/18/2
    http://www.openwall.com/lists/oss-security/2026/03/18/4
    http://www.openwall.com/lists/oss-security/2026/03/18/5
    http://www.openwall.com/lists/oss-security/2026/03/18/7
    https://lists.debian.org/debian-lts-announce/2026…
    https://access.redhat.com/security/cve/CVE-2026-3497 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2447085 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:21695 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13812 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21690 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14773 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20087 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17596 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:12071 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20040 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:7107 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6463 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6461 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15891 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:15893 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:14924 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13750 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10714 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9732 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9415 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:6462 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25096 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19724 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19725 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16008 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16030 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16009 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:16174 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:5475 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:10065 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Ubuntu openssh Affected: 1:10.0p1-5ubuntu5 , < 1:10.0p1-5ubuntu5.1 (dpkg)
    Affected: 1:9.6p1-3ubuntu13 , < 1:9.6p1-3ubuntu13.15 (dpkg)
    Affected: 1:8.9p1-3 , < 1:8.9p1-3ubuntu0.14 (dpkg)
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el8
    Create a notification for this product.
    Red Hat Middleware Containers for OpenShift     cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 8)     cpe:/o:redhat:enterprise_linux:8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.4)     cpe:/o:redhat:rhel_aus:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)     cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS AUS (v.8.6)     cpe:/o:redhat:rhel_aus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.6)     cpe:/o:redhat:rhel_e4s:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.6)     cpe:/o:redhat:rhel_tus:8.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.8.8)     cpe:/o:redhat:rhel_e4s:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS TUS (v.8.8)     cpe:/o:redhat:rhel_tus:8.8::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.0)     cpe:/o:redhat:rhel_e4s:9.0::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS E4S (v.9.2)     cpe:/o:redhat:rhel_e4s:9.2::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.4)     cpe:/o:redhat:rhel_eus:9.4::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS EUS (v.9.6)     cpe:/o:redhat:rhel_eus:9.6::baseos
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux BaseOS (v. 9)     cpe:/o:redhat:enterprise_linux:9::baseos
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.2     cpe:/a:redhat:ai_inference_server:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat AI Inference Server 3.3     cpe:/a:redhat:ai_inference_server:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Update Infrastructure 5     cpe:/a:redhat:rhui:5::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Date Public
    2026-03-12 18:00
    Credits
    Jeremy Brown
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3497",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T19:04:05.760026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T19:04:27.229Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-16T18:24:30.556Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/12/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/14/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/14/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/18/2"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/18/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/18/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/18/7"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00014.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhosemc:1.0::el8"
                ],
                "defaultStatus": "affected",
                "product": "Middleware Containers for OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux_eus:10.0"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_aus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_tus:8.8::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.0::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_e4s:9.2::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.4::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_eus:9.6::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9::baseos"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ai_inference_server:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat AI Inference Server 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhui:5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Update Infrastructure 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "unknown",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "unknown",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "unknown",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-12T18:27:44.917Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the OpenSSH GSSAPI (Generic Security Service Application Program Interface) delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the `sshpkt_disconnect()` function, when called on an error, does not properly terminate the process, leading to the continued execution of the program with uninitialized connection variables. Accessing these uninitialized variables can lead to undefined behavior, potentially resulting in information disclosure or a denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-824",
                    "description": "Access of Uninitialized Pointer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:09:26.342Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-3497"
              },
              {
                "name": "RHBZ#2447085",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3497.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21695"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13812"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21690"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14773"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20087"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17596"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12071"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20040"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7107"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6463"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6461"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15891"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:15893"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:14924"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13750"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10714"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9732"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:9415"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:6462"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25096"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19724"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19725"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16008"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16030"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:16174"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:5475"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:10065"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:21695: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13812: Middleware Containers for OpenShift"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21690: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20087: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17596: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12071: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20040: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7107: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6463: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6461: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15891: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:15893: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:14924: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13750: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10714: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9732: Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:9415: Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:6462: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25096: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19724: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19725: Red Hat AI Inference Server 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16008: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16030: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16009: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:16174: Red Hat AI Inference Server 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:5475: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:10065: Red Hat Update Infrastructure 5"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-12T19:01:37.007Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-12T18:27:44.917Z",
                "value": "Made public."
              }
            ],
            "title": "openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, disable GSSAPI key exchange in the OpenSSH server configuration. This prevents the server from processing GSSAPI messages, eliminating the vulnerability\u0027s attack surface.\n\nEdit `/etc/ssh/sshd_config` and add or modify the line:\n```\nGSSAPIKeyExchange no\n```\n\nAfter saving the changes, restart the `sshd` service for the mitigation to take effect. This action will prevent users from authenticating via GSSAPI.\n\n```\n# systemctl restart sshd\n```"
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://launchpad.net/ubuntu/",
              "defaultStatus": "unaffected",
              "packageName": "openssh",
              "product": "openssh",
              "repo": "https://launchpad.net/ubuntu/+source/openssh",
              "vendor": "Ubuntu",
              "versions": [
                {
                  "lessThan": "1:10.0p1-5ubuntu5.1",
                  "status": "affected",
                  "version": "1:10.0p1-5ubuntu5",
                  "versionType": "dpkg"
                },
                {
                  "lessThan": "1:9.6p1-3ubuntu13.15",
                  "status": "affected",
                  "version": "1:9.6p1-3ubuntu13",
                  "versionType": "dpkg"
                },
                {
                  "lessThan": "1:8.9p1-3ubuntu0.14",
                  "status": "affected",
                  "version": "1:8.9p1-3",
                  "versionType": "dpkg"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jeremy Brown"
            }
          ],
          "datePublic": "2026-03-12T18:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908 Use of Uninitialized Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-12T18:44:06.073Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://ubuntu.com/security/CVE-2026-3497"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2026/03/12/3"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2026-3497",
        "datePublished": "2026-03-12T18:27:44.917Z",
        "dateReserved": "2026-03-03T19:33:05.664Z",
        "dateUpdated": "2026-06-30T12:09:26.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }