CVE-2011-5000 (Low) detected in opensshV_5_3_P1, uclinuxuClinux-dist-20090618 - autoclosed

[mend-bolt-for-github[bot]]

CVE-2011-5000 - Low Severity Vulnerability

Vulnerable Libraries - opensshV_5_3_P1, uclinuxuClinux-dist-20090618

Vulnerability Details

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

Publish Date: 2012-04-05

URL: CVE-2011-5000

CVSS 3 Score Details (3.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000

Release Date: 2012-04-05

Fix Resolution: V_5_9_P1

---

Step up your Open Source Security Game with Mend here

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.