CVE-2026-55654
⚪ Do wiadomości
Błąd w OpenSSH umożliwia zdalnemu atakującemu wywołanie awarii usługi SSH.
CVSS
3.7
EPSS
0.3%
Exploit
poc
Vendor
redhat
Opis źródłowy (NVD)
A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service.
dos exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 3.7 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.3% |
| Opublikowano (NVD) | 2026-06-23 04:17:40 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-25 16:59:23 UTC |
Referencje
- https://access.redhat.com/security/cve/CVE-2026-55654 (secalert@redhat.com) [Vendor Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=2462493 (secalert@redhat.com) [Exploit, Issue Tracking, Vendor Advisory]