A memory exhaustion issue in OpenSSH that can be triggered before user authentication was found. An unauthenticated attacker could consume approx. 400 MB of memory per each connection. The attacker could set up multiple such connections to run out of server’s memory. Source: https://bugzilla.redhat.com/show_bug.cgi?id=1384860#c5 It is stated that "Affected versions: openssh-6.8p1, openssh-6.9p1, openssh-7.0p1, openssh-7.1p1, openssh-7.2p1, openssh-7.3p1. " but it could affect openssh 6.0 code from wrl5. Upstream patch: https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8858
-