VDB
ALPINE-CVE-2018-15473
ALPINE-CVE-2018-15473
PUBLISHED
CVSS 5.300000190734863 MEDIUM
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.12 | openssh | *, *, 6.6_p1-r3 |
| Alpine:v3.13 | openssh | 7.6_p1-r1, 7.7_p1-r0, 7.7_p1-r1 |
| Alpine:v3.17 | openssh | 5.8_p2-r1, 0, 5.1 |
| Alpine:v3.18 | openssh | 0, 5.1, 5.1 |
| Alpine:v3.19 | openssh | 6.6_p1-r2, 0, 5.1 |
| Alpine:v3.21 | openssh | 5.4_p1-r2, 5.4_p1-r1, 5.4_p1-r0 |
| Alpine:v3.15 | openssh | 6.1_p1-r2, 6.1_p1-r0, 6.0_p1-r0 |
| Alpine:v3.23 | openssh | 6.0_p1-r0, 5.8, 5.8 |
| Alpine:v3.14 | openssh | 7.5, 0, 0 |
| Alpine:v3.20 | openssh | 5.1, 6.8_p1-r2, 6.8_p1-r1 |
| Alpine:v3.11 | openssh | 6.4_p1-r3, 6.6_p1-r3, 6.7_p1-r3 |
| Alpine:v3.16 | openssh | *, 0, 5.1 |
| Alpine:v3.10 | openssh | 5.4_p1-r0, 5.3_p1-r3, 5.2_p1-r3 |
| Alpine:v3.7 | openssh | *, 5.1, 0 |
| Alpine:v3.6 | openssh | 6.6_p1-r0, 6.6_p1-r1, 6.6_p1-r2 |
| Alpine:v3.8 | openssh | 5.8_p1-r1, 0, 5.1 |
| Alpine:v3.24 | openssh | 0, 0 |
| Alpine:v3.9 | openssh | 5.8_p2-r1, 5.9_p1-r1, 5.9_p1-r2 |
| Alpine:v3.5 | openssh | 5.2, 0, 5.1 |
| Alpine:v3.22 | openssh | 5.5, 5.6, 5.6 |
Timeline
- Aug 17, 2018 CVE Published
- Jan 2, 2019 PoC Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated