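OpenSSH through 7.7 is prone to a user enumeration vulnerability: the server bails out for an invalid authenticating user before the packet containing the request has been fully parsed, instead of delaying the bailout until parsing is complete, so requests for valid and invalid usernames are handled differently. The affected code is in auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.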
[
{
"source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2018-15473-2a3afae5",
"digest": {
"threshold": 0.9,
"line_hashes": [
"119975464824009469413883312213089211775",
"274698482336539058551077063517635818430",
"86711230683139209951626643804467795531",
"262949122131880208000418495173309310484",
"87022270268444924629351939185921107588",
"150843297929786961686061401556345263667",
"159519716029805821732395735951191993143",
"110077194506647403043837940407835452879",
"204969604743243839754623716022090260991",
"328941983918241414113512288903415025947",
"264634291577293671884527984895384111239",
"1766804874425059854149063106767579377",
"115250589483112738565630367401884680141",
"104832178302712894352455473796841912832",
"60418795427745263238428104311032676737",
"300321231866655426968697157531092865005",
"167012515418482683382639496592960378804",
"154327093979707861485282926287294992132",
"74032963134284418029763131694776540488",
"255414229419176543077674420418842924988",
"144140290594414581245317570338444627783",
"228742451295151995708647298447348455674",
"36267913938201863080127835789111565196",
"70711496218795990807703803538247883690",
"126375797009571522855267999939565856948",
"298848453172800519760120639588797034836",
"268798783962682597345105426075541078666",
"147099324874960870976415514941924067388",
"199963864573824354632195165283499265179",
"124863310965861666377321584017895736413",
"152706570059307855534170220038074189883",
"31985583888174520582460384287868071270",
"311800891991238705913025629161228012736",
"314568444815469404449616018141456982511"
]
},
"target": {
"file": "usr.bin/ssh/auth2-pubkey.c"
}
},
{
"source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2018-15473-3d6fac5a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"118719721786177699049400526304218089118",
"21853781138843863250019365630767955918",
"258197830915776318986477863395068571072",
"130197575787330828243374517017865409017",
"271608615342747687524716193551730937341",
"331488573538470210612662617593630223018",
"48721736397588038626008942836747461164",
"114069187508636402931862011734516939273",
"220385532881783054975697087030998248650"
]
},
"target": {
"file": "usr.bin/ssh/auth2-gss.c"
}
},
{
"source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2018-15473-a0a29089",
"digest": {
"function_hash": "325235706176349412555394121092963357979",
"length": 4335.0
},
"target": {
"function": "userauth_pubkey",
"file": "usr.bin/ssh/auth2-pubkey.c"
}
},
{
"source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2018-15473-b3cb59f6",
"digest": {
"threshold": 0.9,
"line_hashes": [
"239875327327373825409506145374136896093",
"76934019248429903571503393577152993433",
"339534628931607781308670996022115043522",
"319064688410491107005435775355165222517",
"115250589483112738565630367401884680141",
"77866781888508487842761987839561071026",
"20086267411113859945551925096050132334",
"76684314296495416733652832118702050612",
"236753811845282948568234472528205782673",
"79699893232428347337556884662331684617",
"270968600017438065004062669961824600900"
]
},
"target": {
"file": "usr.bin/ssh/auth2-hostbased.c"
}
},
{
"source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2018-15473-ee073a02",
"digest": {
"function_hash": "117509395115892751743292488332286348060",
"length": 1577.0
},
"target": {
"function": "userauth_gssapi",
"file": "usr.bin/ssh/auth2-gss.c"
}
},
{
"source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2018-15473-f7ba3c85",
"digest": {
"function_hash": "1840171710972432913659117789350748496",
"length": 2918.0
},
"target": {
"function": "userauth_hostbased",
"file": "usr.bin/ssh/auth2-hostbased.c"
}
}
]