CVE-2016-6515

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

History

13 Dec 2022, 12:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf -

14 Sep 2021, 13:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf -

Information

Published : 2016-08-07 21:59

Updated : 2024-02-04 18:53


NVD link : CVE-2016-6515

Mitre link : CVE-2016-6515

CVE.ORG link : CVE-2016-6515


JSON object : View

Products Affected

fedoraproject

  • fedora

openbsd

  • openssh
CWE
CWE-20

Improper Input Validation