Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Network-delivered via malicious server (AV:N), no privileges needed on attacker side (PR:N), but victim must initiate the connection (UI:R); impact is client-process termination only (A:L), no C or I impact.
Primary rating from Vendor (redhat).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionNVD
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).
AnalysisAI
Client-side Denial of Service in OpenSSH's Diffie-Hellman Group Exchange implementation allows a malicious SSH server to crash connecting clients running in FIPS mode. When a victim initiates an SSH connection to an attacker-controlled server, the server sends crafted DH-GEX group parameters that trigger a double free (CWE-415) during FIPS known-group validation, terminating the client process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two simultaneous conditions: (1) the OpenSSH client must be operating in FIPS mode - this is a non-default configuration typically enforced via system-wide FIPS policy (e.g., 'fips-mode-setup --enable' on RHEL) and is not present in standard installations; and (2) the victim user must actively initiate an SSH connection (UI:R) to a server controlled by the attacker. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 4.3 (Medium) reflects an availability-only impact limited to the client process (A:L, S:U), with no confidentiality or integrity consequences. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker operating a malicious SSH server on the internet (or on an internal network via server compromise or ARP poisoning) waits for a victim on a FIPS-mode RHEL or OpenShift system to initiate an SSH connection. When the victim's OpenSSH client begins the DH-GEX key exchange, the malicious server returns specially crafted group parameters that trigger the double free during FIPS known-group validation, causing the client process to crash and aborting the session. … |
| Remediation | No specific patched version of OpenSSH or Red Hat package has been identified in the available data; administrators should monitor https://access.redhat.com/security/cve/CVE-2026-55653 for errata as Red Hat releases fixes. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
Same weakness CWE-415 – Double Free
View allSame technique Denial Of Service
View allVendor StatusVendor
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | undetermined | 1:8.4p1-5+deb11u3 | - |
| bullseye (security) | undetermined | 1:8.4p1-5+deb11u7 | - |
| bookworm | undetermined | 1:9.2p1-2+deb12u10 | - |
| bookworm (security) | undetermined | 1:9.2p1-2+deb12u9 | - |
| trixie | undetermined | 1:10.0p1-7+deb13u4 | - |
| trixie (security) | undetermined | 1:10.0p1-7+deb13u2 | - |
| forky, sid | undetermined | 1:10.3p1-4 | - |
| (unstable) | fixed | undetermined | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38412
GHSA-28f3-55mq-pp68