Upstream information

CVE-2016-1907 at MITRE

Description

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

SUSE information

CVSS v2 Scores

                        National Vulnerability Database
Base Score              4.96
Vector                  AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector           Network
Access Complexity       Low
Authentication          None
Confidentiality Impact  None
Integrity Impact        None
Availability Impact     Partial

CVSS v3 Scores

                        National Vulnerability Database
Base Score              5.3
Vector                  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Access Vector           Network
Access Complexity       Low
Privileges Required     None
User Interaction        None
Scope                   Unchanged
Confidentiality Impact  None
Integrity Impact        None
Availability Impact     Low

Note from the SUSE Security Team

This problem was introduced in OpenSSH 6.8 and so affects only OpenSSH versions 6.8 up to 7.1p1. None of the SUSE Linux Enterprise or openSUSE versions are affected.

SUSE Bugzilla entry: 962495 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.