CVE-2016-10708

7.5HIGH

Key Information:

Vendor: OpenBSD
Status: Openssh
Vendor: CVE Published:; 21 January 2018

Summary

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

References

https://www.openssh.com/releasenotes.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20180423-0003/

x_refsource_CONFIRM

https://lists.debian.org/debian-lts-announce/2018/01/msg0...

mailing-listx_refsource_MLIST

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2018
Vulnerability Reserved
Jan 21, 2018