Openssh: denial-of-service in openssh
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
Affected products
- =<9.9p1
Matching in nixpkgs
pkgs.opensshTest
Implementation of the SSH protocol
-
nixos-unstable -
- nixpkgs-unstable 10.0p2
pkgs.openssh_hpn
Implementation of the SSH protocol with high performance networking patches
-
nixos-unstable -
- nixpkgs-unstable 10.0p2
pkgs.openssh_gssapi
Implementation of the SSH protocol with GSSAPI support
-
nixos-unstable -
- nixpkgs-unstable 10.0p2
pkgs.opensshWithKerberos
Implementation of the SSH protocol
-
nixos-unstable -
- nixpkgs-unstable 10.0p2
pkgs.openssh_hpnWithKerberos
Implementation of the SSH protocol with high performance networking patches
-
nixos-unstable -
- nixpkgs-unstable 10.0p2
pkgs.perlPackages.NetOpenSSH
Perl SSH client package implemented on top of OpenSSH
-
nixos-unstable -
- nixpkgs-unstable 0.84
pkgs.lxqt.lxqt-openssh-askpass
GUI to query passwords on behalf of SSH agents
-
nixos-unstable -
- nixpkgs-unstable 2.2.0
pkgs.perl538Packages.NetOpenSSH
Perl SSH client package implemented on top of OpenSSH
-
nixos-unstable -
- nixpkgs-unstable 0.84
pkgs.perl540Packages.NetOpenSSH
Perl SSH client package implemented on top of OpenSSH
-
nixos-unstable -
- nixpkgs-unstable 0.84
Package maintainers
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@philiptaron Philip Taron <philip.taron@gmail.com>
-
@helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
-
@dasJ Janne Heß <janne@hess.ooo>
-
@Conni2461 Simon Hauser <simon-hauser@outlook.com>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@wahjava Ashish SHUKLA <ashish.is@lostca.se>