CVE-2016-8858 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-8858 PUBLISHED

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

EPSS 27.13% · 96.3th percentile

Risk Scores

EPSS Score

27.13%

96.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:14.04:LTS	openssh	0, 1:6.2p2-6, 1:6.2p2-6ubuntu1
Ubuntu:Pro:16.04:LTS	openssh	0, 1:6.9p1-2, 1:6.9p1-3

Timeline

Oct 19, 2016 CVE Published
Oct 2, 2020 PoC Published
Nov 6, 2020 PoC Published
Sep 6, 2021 PoC Published
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
May 8, 2023 EPSS Score
Sep 30, 2023 EPSS Score
Mar 11, 2024 EPSS Score
May 7, 2024 CVE Updated
Aug 13, 2024 EPSS Score
Oct 9, 2024 PoC Published

References

https://ubuntu.com/security/CVE-2016-8858 third-party-advisory
http://seclists.org/oss-sec/2016/q4/185 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2016-8858 third-party-advisory
Multiples vulnérabilités dans les produits Siemens advisory

Open in Interactive Console →