OpenSSH is prone to an integer overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. OpenSSH versions 7.7 through 7.9 and 8.x prior to 8.1 are vulnerable.
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Ensure that only trusted users have local, interactive access to affected computers.
Implement multiple redundant layers of security.
Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker’s ability to exploit this vulnerability.
Updates are available. Please see the references or vendor advisory for more information.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | openssh openssh | eq | 7.9 |
| | openssh openssh | eq | 7.8 |
| | openssh openssh | eq | 8.0 |
| | openssh openssh | eq | 7.7 |
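
A version triage for the affected range stated above, as an added example that is not part of the original advisory: it parses SSH server banners or `ssh -V` output and flags upstream releases 7.7 through 8.0. The host names and banners are constructed, and a match only indicates the upstream release range, since distribution packages may carry backported fixes without changing the version string.

```python
import re

# Upstream release range as stated in the advisory text:
# 7.7 through 7.9, and 8.x prior to 8.1.
AFFECTED_MIN = (7, 7)
FIXED_IN = (8, 1)

# Accepts server banners ("SSH-2.0-OpenSSH_7.9p1 ...") and `ssh -V` output.
BANNER_RE = re.compile(r"OpenSSH_(?:for_Windows_)?(\d+)\.(\d+)")

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = [
    ("bastion-01", "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"),
    ("build-02", "SSH-2.0-OpenSSH_8.0"),
    ("web-03", "SSH-2.0-OpenSSH_8.1"),
    ("legacy-04", "SSH-2.0-OpenSSH_7.4"),
    ("iot-05", "SSH-2.0-dropbear_2019.78"),
    ("laptop-06", "OpenSSH_7.7p1, OpenSSL 1.1.0h  27 Mar 2018"),
]


def parse_openssh_version(banner):
    """Return (major, minor) for an OpenSSH banner, or None if not OpenSSH."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(banner):
    """Return 'affected-range', 'outside-range' or 'unknown' for one banner."""
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"  # not OpenSSH, or banner hidden/unparseable
    if AFFECTED_MIN <= version < FIXED_IN:
        return "affected-range"  # confirm against the vendor advisory
    return "outside-range"


def triage(inventory):
    """Return the sorted host names whose banner falls in the affected range."""
    return sorted(h for h, b in inventory if classify(b) == "affected-range")


if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY:
        print(f"{host:10} {classify(banner):15} {banner}")
```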