#VU124014 Resource management error in openssh-server (Ubuntu package) - CVE-2026-3497

 

Published: March 13, 2026


Vulnerability identifier: #VU124014
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-3497
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
openssh-server (Ubuntu package)
Software vendor:
Canonical Ltd.

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of disconnecting clients in OpenSSH GSSAPI Key Exchange when the GSSAPIKeyExchange setting is enabled. An authenticated user can crash the OpenSSH server or potentially execute arbitrary code.
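
A check for the precondition named in the description, as an added example that is not part of the advisory or of vendor tooling: it reports whether GSSAPIKeyExchange is enabled in sshd_config-style text. It assumes the first value seen for a keyword wins and that an absent keyword means "no"; the function name gss_kex_state and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the GSSAPIKeyExchange setting in sshd_config-style
# text read from stdin (output of `sshd -T`, or a raw config file).
# Assumptions: the first value seen for a keyword wins; an absent keyword
# means "no"; Include files are NOT followed, so a raw file that contains an
# Include and no explicit value is reported as "unknown".
gss_kex_state() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # drop leading whitespace
            if (line == "" || line ~ /^#/) next    # skip blanks and comments
            n = match(line, /[ \t=]/)              # keyword ends at space or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))  # keywords are case-insensitive
            val = substr(line, n + 1)
            sub(/^[ \t=]+/, "", val)               # handles "Key = value"
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)                     # handles quoted values
            if (key == "match") exit               # later lines are conditional
            if (key == "include") includes = 1
            if (key == "gssapikeyexchange") { state = tolower(val); exit }
        }
        END {
            if (state == "yes") {
                print "enabled"
            } else if (state == "" && includes) {
                print "unknown"
            } else {
                print "disabled"
            }
        }
    '
}

# Constructed sample in the style of `sshd -T` output (not from a real host).
sample='port 22
gssapiauthentication yes
gssapikeyexchange yes'
printf '%s\n' "$sample" | gss_kex_state
# On a host, as root: sshd -T | gss_kex_state
```

Feeding it `sshd -T` output gives the effective value with Include files already resolved; "unknown" on a raw file means the included files still need to be checked.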


Remediation

Install updates from the vendor's website.
