The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x up to and including 7.3 allows remote malicious users to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
Vulnerable Product |
---|
openbsd openssh 6.9 |
openbsd openssh 7.3 |
openbsd openssh 7.1 |
openbsd openssh 7.2 |
openbsd openssh 6.8 |
openbsd openssh 7.0 |