Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4924Openssh vulnerability

CWE-39914 documents10 sources
Severity
7.8HIGHNVD
EPSS
54.3%
top 1.97%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Openbsd Openssh
Timeline
PublishedSep 27
Latest updateMay 3

Description

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

Debianopenbsd/openssh< 1:4.3p2-4+3
NVDopenbsd/openssh56 versions+55

Patches

Patch: www.debian.orgPatch: www.debian.orgPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-8x5c-jhv9-65x6: sshd in OpenSSH before 42022-05-03
OSV
CVE-2006-4924: sshd in OpenSSH before 42006-09-27
CVEList
CVE-2006-4924: sshd in OpenSSH before 42006-09-27

💥Exploits & PoCs

1
Exploit-DB
OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service2006-09-27

📋Vendor Advisories

4
Ubuntu
openssh vulnerabilities2006-10-02
BSD
FreeBSD-SA-06:22.openssh: Multiple vulnerabilities in OpenSSH2006-09-30
Red Hat
openssh DoS2006-09-19
Debian
CVE-2006-4924: openssh - sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote...2006

💬Community

5
Bugzilla
CVE-2006-4924 openssh DoS (also CVE-2006-5051) (also for RHL7.3: CVE-2006-0225, CVE-2003-0386)2006-09-30
Bugzilla
CVE-2006-4924 openssh DoS2006-09-27
Bugzilla
CVE-2006-4924 openssh DoS2006-09-27
Bugzilla
CVE-2006-4924 openssh DoS2006-09-25
Bugzilla
CVE-2006-4924 openssh DoS2006-09-25
CVE-2006-4924 — Openbsd Openssh vulnerability | cvebase