CVE-2006-4925
PUBLISHED
CVSS 5 MEDIUM
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
Risk Scores
- CVSS 2.0: 5
- EPSS Score: 3.37% (87.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openbsd | openssh | 4.5 |
Exploit Intelligence
- 22298 (circl)
- https://issues.rpath.com/browse/RPL-661 (circl)
- 20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server (circl)
- SUSE-SR:2006:024 (circl)
- SUSE-SA:2006:062 (circl)
- https://issues.rpath.com/browse/RPL-681 (circl)
- 22495 (circl)
- MDKSA-2006:179 (circl)
- 23038 (circl)
- 20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server (circl)
…and 4 more exploits
Timeline
- Sep 29, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jun 25, 2023 EPSS Score
- Aug 2, 2023 EPSS Score
- Sep 9, 2023 EPSS Score
References
- 23038 third-party-advisory
- 20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server mailing-list
- SUSE-SR:2006:024 vendor-advisory
- SUSE-SA:2006:062 vendor-advisory
- https://issues.rpath.com/browse/RPL-681 url
- 22298 third-party-advisory
- http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144&r2=1.145&f=h url
- 22495 third-party-advisory
- 20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server mailing-list
- OpenPKG-SA-2006.022 vendor-advisory
- 22245 third-party-advisory
- https://issues.rpath.com/browse/RPL-661 url
- http://bugs.gentoo.org/show_bug.cgi?id=148228 url
- MDKSA-2006:179 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-4925 advisory