15 matches found
CVE-2026-55653
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX...
CVE-2026-55653
CVE-2026-55653 affects OpenSSH and describes a double-free in the DH-GEX client path during FIPS known-group validation, allowing a malicious SSH server to terminate the client process and cause a Denial of Service. The issue is tied to processing attacker-controlled DH-GEX group parameters and i...
EUVD-2026-38412
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX...
CVE-2026-55653
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX...
Linux Distros Unpatched Vulnerability : CVE-2026-55653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occur...
Astra Linux – Vulnerability in libssh2
In libssh2 before version 1.9.0, the kex_method_diffie_hellman_group_exchange_sha256_key_exchange function in kex.c contains an integer overflow that could lead to an out-of-bounds read when packets are read from the server. A remote attacker who compromises an SSH server may be able to disclose sensitiv...
openssh security update
7.4p1-23.0.3fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug: 32461739 7.4p1-23.0.3 - add KEX_INITIAL flag Orabug: 36160445 - implement 'strict key exchange' CVE-2023-48795 Orabug: 36160445...
Linux: BSI TR-02102-4 3.3 Key Exchange Methods
When establishing the SSH connection, keys are exchanged in order to create and exchange shared session keys for authentication and encryption. The following key exchange methods are recommended: diffie-hellman-group-exchange-sha256, diffie-hellman-group15-sha512, diffie-hellman-group16-sha512,...
PT-2019-6236 · Libssh2 +3
Name of the Vulnerable Software and Affected Versions: libssh2 versions prior to 1.9.0 Description: The issue is related to an integer overflow in the kex method diffie hellman group exchange sha256 key exchange function of the kex.c component in the Libssh2 library, which implements the SSH2...
SUSE SLED11 / SLES11 Security Update : libssh2_org (SUSE-SU-2016:0723-1)
This update for libssh2_org fixes the following issues : - Add SHA256 support for DH group exchange fate320343, bsc961964 - fix CVE-2016-0787 bsc967026 - Weakness in diffie-hellman secret key generation lead to much shorter DH groups than needed, which could be used to retrieve server keys. Note...
Putty 0.64 Denial Of Service
Exploit title: putty v0.64 denial of service vulnerability Date: 5-6-2015 Vendor homepage: http://www.chiark.greenend.org.uk Software Link: http://the.earth.li/sgtatham/putty/latest/x86/putty-0.64-installer.exe Version: 0.64 Author: 3unnym00n Details: -------- when doing the ssh dh group exchange...
FileZilla 3.11.0.2 Denial Of Service
Exploit title: filezilla 3.11.0.2 sftp module denial of service vulnerability Date: 5-6-2015 Vendor homepage: http://www.chiark.greenend.org.uk Software Link:...
FileZilla 3.11.0.2 SFTP Module - Denial of Service
FileZilla 3.11.0.2 SFTP Module - Denial of Service ''' Exploit title: filezilla 3.11.0.2 sftp module denial of service vulnerability Date: 5-6-2015 Vendor homepage: http://www.chiark.greenend.org.uk Software Link:...
Putty 0.64 - Denial of Service
Putty 0.64 - Denial of Service ''' Exploit title: putty v0.64 denial of service vulnerability Date: 5-6-2015 Vendor homepage: http://www.chiark.greenend.org.uk Software Link: http://the.earth.li/sgtatham/putty/latest/x86/putty-0.64-installer.exe Version: 0.64 Author: 3unnym00n Details: --------...
Putty 0.64 - Denial of Service
''' Exploit title: putty v0.64 denial of service vulnerability Date: 5-6-2015 Vendor homepage: http://www.chiark.greenend.org.uk Software Link: http://the.earth.li/sgtatham/putty/latest/x86/putty-0.64-installer.exe Version: 0.64 Author: 3unnym00n Details: -------- when doing the ssh dh group...