CVE-2016-8858
published 2016-12-09
Priority: P3 · 45 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 29.46% (97.9th percentile)
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:7.3p1-2 (bookworm) | openssh 1:7.3p1-2 (bookworm) |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | >= 0 < 1:7.3p1-2 | 1:7.3p1-2 |
| openbsd | openssh | >= 0 < 1:7.3p1-2 | 1:7.3p1-2 |
| openbsd | openssh | >= 0 < 1:7.3p1-2 | 1:7.3p1-2 |
| openbsd | openssh | >= 0 < 1:7.3p1-2 | 1:7.3p1-2 |
| paloalto | prisma_sd | — | — |
CVSS provenance
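| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |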
Palo Alto
PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION
vendor_paloalto·2024-04-05·CVSS 4.3
CVE-2007-2768 [MEDIUM] PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Prisma SD-WAN ION. While Prisma SD-WAN ION may include the
CVEs: CVE-2007-2768, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-20012, CVE-2016-8858, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-12062, CVE-2021-41617, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-28531, CVE-2023-38408, CVE-2023-51384, CVE-2023-51385, CVE-2023-51767
Affected products: Prisma SD
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
BSD
FreeBSD-SA-16:33.openssh: OpenSSH Remote Denial of Service vulnerability
bsd_advisories·2016-11-02·CVSS 7.5
CVE-2016-8858 [HIGH] FreeBSD-SA-16:33.openssh: OpenSSH Remote Denial of Service vulnerability
FreeBSD-SA-16:33.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH Remote Denial of Service vulnerability
Category: contrib
Module: OpenSSH
Announced: 2016-11-02
Affects: All supported versions of FreeBSD.
Corrected: 2016-11-02 06:56:35 UTC (stable/11, 11.0-STABLE)
2016-11-02 07:23:19 UTC (releng/11.0, 11.0-RELEASE-p3)
2016-11-02 06:58:47 UTC (stable/10, 10.3-STABLE)
2016-11-02 07:23:36 UTC (releng/10.3, 10.3-RELEASE-p12)
CVE Name: CVE-2016-8858
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services,
including remote
Red Hat
openssh: Memory exhaustion due to unregistered KEXINIT handler after receiving message
vendor_redhat·2016-10-17·CVSS 7.5
CVE-2016-8858 [HIGH] openssh: Memory exhaustion due to unregistered KEXINIT handler after receiving message
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
Statement: The Red Hat Product Security Team does not consider this issue to be a security flaw, for more information please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1384860#c5
Package: openssh (Red Hat Enterprise Linux 5) - Not affected
Package: openssh (Red Hat Enterprise Linux 6) - Not affected
Package: openssh (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2016-8858: openssh - The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allow...
vendor_debian·2016·CVSS 7.5
CVE-2016-8858 [HIGH] CVE-2016-8858: openssh - The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allow...
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
Scope: local
bookworm: resolved (fixed in 1:7.3p1-2)
bullseye: resolved (fixed in 1:7.3p1-2)
forky: resolved (fixed in 1:7.3p1-2)
sid: resolved (fixed in 1:7.3p1-2)
trixie: resolved (fixed in 1:7.3p1-2)
VulDB
OpenSSH Key Exchange Initialization kex_input_kexinit resource management (Nessus ID 95604 / ID 38753)
vuldb·2026-05-30·CVSS 7.5
CVE-2016-8858 [HIGH] OpenSSH Key Exchange Initialization kex_input_kexinit resource management (Nessus ID 95604 / ID 38753)
A vulnerability categorized as problematic has been discovered in OpenSSH. This affects the function kex_input_kexinit of the component Key Exchange Initialization. Such manipulation leads to improper resource management.
This vulnerability is documented as CVE-2016-8858. The attack can be executed remotely. There is not any exploit available.
The actual existence of this vulnerability is currently in question.
It is advisable to implement a patch to correct this issue.
GHSA
GHSA-cfx4-r6f2-m2mc: ** DISPUTED ** The kex_input_kexinit function in kex
ghsa_unreviewed·2022-05-14
CVE-2016-8858 [HIGH] GHSA-cfx4-r6f2-m2mc: ** DISPUTED ** The kex_input_kexinit function in kex
** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
OSV
CVE-2016-8858: The kex_input_kexinit function in kex
osv·2016-12-09·CVSS 7.5
CVE-2016-8858 [HIGH] CVE-2016-8858: The kex_input_kexinit function in kex
The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-8858 openssh: Memory exhaustion issue [fedora-all]
bugzilla·2016-10-20·CVSS 7.5
CVE-2016-8858 [HIGH] CVE-2016-8858 openssh: Memory exhaustion issue [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
Bugzilla
CVE-2016-8858 openssh: Memory exhaustion due to unregistered KEXINIT handler after receiving message
bugzilla·2016-10-14·CVSS 7.5
CVE-2016-8858 [HIGH] CVE-2016-8858 openssh: Memory exhaustion due to unregistered KEXINIT handler after receiving message
A memory exhaustion issue in OpenSSH that can be triggered before user authentication was found. An unauthenticated attacker could consume approx. 400 MB of memory per each connection. The attacker could set up multiple such connections to run out of server’s memory.
Affected versions: openssh-6.8p1, openssh-6.9p1, openssh-7.0p1, openssh-7.1p1, openssh-7.2p1, openssh-7.3p1.
Upstream patch:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup
Discussion:
Acknowledgments:
Name: Shi Lei (Qihoo 360)
---
Upstream patch:
https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad
---
Analysis:
It se
Bugzilla
CVE-2015-8858 uglify-js: regular expression denial of service
bugzilla·2015-11-04·CVSS 7.5
CVE-2015-8858 [HIGH] CVE-2015-8858 uglify-js: regular expression denial of service
It was found that uglify-js is vulnerable to regular expression denial of service (ReDoS) when certain types of input are passed to the .parse() function.
This could potentially allow a remote attacker to submit a crafted JavaScript code to a service that minifies it using the uglify-js library, and cause that service to consume an excessive amount of CPU.
External References:
https://nodesecurity.io/advisories/48
Discussion:
Created uglify-js tracking bugs for this issue:
Affects: fedora-all [bug 1277889]
Affects: epel-all [bug 1277892]
---
Created uglify-js1 tracking bugs for this issue:
Affects: fedora-all [bug 1277890]
Affects: epel-all [bug 1277893]
---
CVE assignment:
http://seclists.org/oss-sec/2016/q2/122
References
- http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126&r2=1.127&f=h
- http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup
- http://www.openwall.com/lists/oss-security/2016/10/19/3
- http://www.openwall.com/lists/oss-security/2016/10/20/1
- http://www.securityfocus.com/bid/93776
- http://www.securitytracker.com/id/1037057
- https://bugzilla.redhat.com/show_bug.cgi?id=1384860
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/013_ssh_kexinit.patch.sig
- https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:33.openssh.asc
- https://security.gentoo.org/glsa/201612-18
- https://security.netapp.com/advisory/ntap-20180201-0001/
Published: 2016-12-09