Main Vulnerability Database Vulnerabilities #VU252

#VU252 Consuming excessive CPU resources on the target system in OpenSSH - CVE-2016-6515

Published: August 2, 2016 / Updated: October 30, 2024

Vulnerability identifier: #VU252

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2016-6515

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
OpenSSH

Software vendor:
OpenSSH

Description

The vulnerability allows a remote attacker to consume excessive CPU resources on the target system.

The vulnerability exists in the crypt(3) function, which accepts passwords longer that 1024 characters in auth_password() function in the auth_passwd.c . A remote unauthenticated attacker can submit a very long string as a password and consume excessive CPU resources.

Successful exploitation of this vulnerability may result in denial of service.

Remediation

Install the latest version of OpenSSH 7.3.

External links

http://www.openssh.com/txt/release-7.3

#VU252 Consuming excessive CPU resources on the target system in OpenSSH - CVE-2016-6515

Description

Remediation

External links

Please verify you're human