Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service
Vulnerability Description
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Vulnerability Type
双重释放
Vulnerability Title
OpenSSH 资源管理错误漏洞
Vulnerability Description
OpenSSH OpenSSH是OpenSSH组织的一个安全管理连接的软件。 OpenSSH存在资源管理错误漏洞,该漏洞源于Diffie-Hellman Group Exchange客户端路径存在双重释放漏洞,在FIPS模式已知组验证期间处理攻击者控制的DH-GEX组参数时发生,成功利用会导致客户端进程终止,造成拒绝服务。以下版本受到影响:Red Hat Enterprise Linux 10、Red Hat Enterprise Linux 6、Red Hat Enterprise Linux 7、Re
CVSS Information
N/A
Vulnerability Type
N/A