Description
It was discovered that OpenSSH incorrectly handled the transport-level ping facility.
A remote attacker could possibly use this issue to cause OpenSSH
clients and servers to consume resources, leading to a denial of service.
| CVSS | 3.1 |
| --- | --- |
| Base Score | 5.9 |
| Severity | Medium |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |

| CVSS | 4.0 |
| --- | --- |
| Base Score | 8.2 |
| Vector | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| Attack Vector | Network |
| Attack Complexity | High |
| Attack Requirements | None |
| Privileges Required | None |
| User Interaction | None |
| Vulnerable System Confidentiality Impact | None |
| Vulnerable System Integrity Impact | None |
| Vulnerable System Availability Impact | High |
| Subsequent System Confidentiality Impact | None |
| Subsequent System Integrity Impact | None |
| Subsequent System Availability Impact | None |

Affected OpenSSH versions: 9.5p1 to 9.9p1
References