CVE-2011-5000 — Uncontrolled Resource Consumption in Openssh

CWE-189 CWE-400 — Uncontrolled Resource Consumption10 documents8 sources

Severity

3.5LOWNVD

EPSS

0.4%

top 40.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedApr 5

Latest updateMay 17

Description

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:5.9p1-1+3

▶NVDopenbsd/openssh5.8+65

🔴Vulnerability Details

GHSA

GHSA-wq52-9gh8-cwrp: The ssh_gssapi_parse_ename function in gss-serv↗2022-05-17

▶

OSV

CVE-2011-5000: The ssh_gssapi_parse_ename function in gss-serv↗2012-04-05

▶

CVEList

CVE-2011-5000: The ssh_gssapi_parse_ename function in gss-serv↗2012-04-04

▶

💥Exploits & PoCs

Exploit-DB

CyberLink (Multiple Products) - File Project Handling Stack Buffer Overflow (PoC)↗2011-12-09

▶

Exploit-DB

Rockwell RSLogix 19 - Denial of Service↗2011-09-14

▶

📋Vendor Advisories

Red Hat

openssh: post-authentication resource exhaustion bug via GSSAPI↗2011-08-01

▶

Debian

CVE-2011-5000: openssh - The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, wh...↗2011

▶

💬Community

Bugzilla

CVE-2011-5000 openssh: post-authentication resource exhaustion bug via GSSAPI↗2012-04-04

▶

Bugzilla

CVE-2011-5000 openssh: post-authentication resource exhaustion bug via GSSAPI [fedora-all]↗2012-04-04

▶