CVE-2016-6515
Description
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
84.415
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| secure shell (SSH) for secure access to remote machines (USN-3061-1) openssh-server_7.2p2-4ubuntu2.1_i386.deb | Linux |
| secure shell (SSH) for secure access to remote machines (USN-3061-1) openssh-server_7.2p2-4ubuntu2.1_amd64.deb | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-askpass-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-cavs-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-clients-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-keycat-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-ldap-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-server-7.4p1-11.el7.x86_64.rpm | Linux |
| (RHSA-2017:2029) openssh security, bug fix, and enhancement update openssh-server-sysvinit-7.4p1-11.el7.x86_64.rpm | Linux |
| Improper Input Validation Vulnerability (CVE-2016-6515) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234