Wind River Support Network


LIN6-11910 : Security Advisory - openssh - CVE-2016-8858

Created: Nov 6, 2016    Updated: Dec 3, 2018
Resolved Date: Nov 10, 2016
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


A memory exhaustion issue in OpenSSH that can be triggered before user authentication was found. An unauthenticated attacker could consume approx. 400 MB of memory per each connection. The attacker could set up multiple such connections to run out of server’s memory. 


It is stated that "Affected versions: openssh-6.8p1, openssh-6.9p1, openssh-7.0p1, openssh-7.1p1, openssh-7.2p1, openssh-7.3p1. " but it could affect openssh 6.0 code from wrl5.

Upstream patch:

Steps to Reproduce


Other Downloads

Live chat