Your submission was sent successfully! Close

CVE-2016-8858

Published: 9 December 2016

** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

Priority

Negligible

CVSS 3 base score: 7.5

Status

Package Release Status
openssh
Launchpad, Ubuntu, Debian 		artful Not vulnerable
(1:7.3p1-2)
precise Ignored

trusty Ignored

upstream Needs triage

xenial Ignored

yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(1:7.3p1-2)

Notes

AuthorNote
mdeslaur 
DoS is limited to attacker's connection only, and openssh
upstream does not consider this to be a security issue
We do not consider this to be a security issue either, marking
as ignored

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading