CVE-2016-8858

Published: Dec 09, 2016 | Modified: May 17, 2024
CVSS 3.x:   7.5 HIGH  (Source: NVD)
            CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x:   7.8 HIGH
            AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2:  5 MODERATE
            AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V3:  5.8 MODERATE
            CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Ubuntu:     NEGLIGIBLE

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that OpenSSH upstream does not consider this as a security issue.

Affected Software

Name     Vendor   Start Version             End Version
Openssh  Openbsd  6.8 (including)           6.8 (including)
Openssh  Openbsd  6.9 (including)           6.9 (including)
Openssh  Openbsd  7.0 (including)           7.0 (including)
Openssh  Openbsd  7.1 (including)           7.1 (including)
Openssh  Openbsd  7.2 (including)           7.2 (including)
Openssh  Openbsd  7.3 (including)           7.3 (including)
Openssh  Ubuntu   esm-infra-legacy/trusty   *
Openssh  Ubuntu   esm-infra/xenial          *
Openssh  Ubuntu   precise                   *
Openssh  Ubuntu   precise/esm               *
Openssh  Ubuntu   trusty                    *
Openssh  Ubuntu   trusty/esm                *
Openssh  Ubuntu   vivid/stable-phone-overlay *
Openssh  Ubuntu   vivid/ubuntu-core         *
Openssh  Ubuntu   xenial                    *
Openssh  Ubuntu   yakkety                   *