NULL Pointer Dereference in openssh

Do your applications use this vulnerable package? Test your applications

Overview

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

References

CONFIRM
CONFIRM
Debian Security Announcement
Debian Security Announcement
Debian Security Tracker
MISC
MISC
MISC
Netapp Security Advisory
Security Focus
Ubuntu CVE Tracker
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2016-10708
CWE: CWE-476
Snyk ID: SNYK-DEBIAN8-OPENSSH-368780
Disclosed: 21 Jan, 2018
Published: 21 Jan, 2018

NULL Pointer Dereference
Affecting openssh package, versions <1:6.7p1-5+deb8u6

Overview

References

CVSS Score

NULL Pointer Dereference Affecting openssh package, versions <1:6.7p1-5+deb8u6

Overview

References

NULL Pointer Dereference
Affecting openssh package, versions <1:6.7p1-5+deb8u6