The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
References
Configurations
History
13 Dec 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Sep 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2016-08-07 21:59
Updated : 2024-02-04 18:53
NVD link : CVE-2016-6515
Mitre link : CVE-2016-6515
CVE.ORG link : CVE-2016-6515
JSON object : View
Products Affected
fedoraproject
- fedora
openbsd
- openssh
CWE
CWE-20
Improper Input Validation