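OpenSSH through 7.7 is prone to a user enumeration vulnerability (CVE-2018-15473) because it does not delay the bailout for an invalid authenticating user until after the packet containing the request has been fully parsed. As a result, the server's handling of an authentication request can differ observably depending on whether the user name exists. The affected code is in auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.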
{ "vanir_signatures": [ { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "119975464824009469413883312213089211775", "274698482336539058551077063517635818430", "86711230683139209951626643804467795531", "262949122131880208000418495173309310484", "87022270268444924629351939185921107588", "150843297929786961686061401556345263667", "159519716029805821732395735951191993143", "110077194506647403043837940407835452879", "204969604743243839754623716022090260991", "328941983918241414113512288903415025947", "264634291577293671884527984895384111239", "1766804874425059854149063106767579377", "115250589483112738565630367401884680141", "104832178302712894352455473796841912832", "60418795427745263238428104311032676737", "300321231866655426968697157531092865005", "167012515418482683382639496592960378804", "154327093979707861485282926287294992132", "74032963134284418029763131694776540488", "255414229419176543077674420418842924988", "144140290594414581245317570338444627783", "228742451295151995708647298447348455674", "36267913938201863080127835789111565196", "70711496218795990807703803538247883690", "126375797009571522855267999939565856948", "298848453172800519760120639588797034836", "268798783962682597345105426075541078666", "147099324874960870976415514941924067388", "199963864573824354632195165283499265179", "124863310965861666377321584017895736413", "152706570059307855534170220038074189883", "31985583888174520582460384287868071270", "311800891991238705913025629161228012736", "314568444815469404449616018141456982511" ] }, "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", "deprecated": false, "target": { "file": "usr.bin/ssh/auth2-pubkey.c" }, "signature_type": "Line", "id": "CVE-2018-15473-2a3afae5" }, { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "118719721786177699049400526304218089118", "21853781138843863250019365630767955918", "258197830915776318986477863395068571072", 
"130197575787330828243374517017865409017", "271608615342747687524716193551730937341", "331488573538470210612662617593630223018", "48721736397588038626008942836747461164", "114069187508636402931862011734516939273", "220385532881783054975697087030998248650" ] }, "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", "deprecated": false, "target": { "file": "usr.bin/ssh/auth2-gss.c" }, "signature_type": "Line", "id": "CVE-2018-15473-3d6fac5a" }, { "signature_version": "v1", "digest": { "length": 4335.0, "function_hash": "325235706176349412555394121092963357979" }, "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", "deprecated": false, "target": { "file": "usr.bin/ssh/auth2-pubkey.c", "function": "userauth_pubkey" }, "signature_type": "Function", "id": "CVE-2018-15473-a0a29089" }, { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "239875327327373825409506145374136896093", "76934019248429903571503393577152993433", "339534628931607781308670996022115043522", "319064688410491107005435775355165222517", "115250589483112738565630367401884680141", "77866781888508487842761987839561071026", "20086267411113859945551925096050132334", "76684314296495416733652832118702050612", "236753811845282948568234472528205782673", "79699893232428347337556884662331684617", "270968600017438065004062669961824600900" ] }, "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", "deprecated": false, "target": { "file": "usr.bin/ssh/auth2-hostbased.c" }, "signature_type": "Line", "id": "CVE-2018-15473-b3cb59f6" }, { "signature_version": "v1", "digest": { "length": 1577.0, "function_hash": "117509395115892751743292488332286348060" }, "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", "deprecated": false, "target": { "file": "usr.bin/ssh/auth2-gss.c", "function": "userauth_gssapi" }, "signature_type": "Function", "id": 
"CVE-2018-15473-ee073a02" }, { "signature_version": "v1", "digest": { "length": 2918.0, "function_hash": "1840171710972432913659117789350748496" }, "source": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0", "deprecated": false, "target": { "file": "usr.bin/ssh/auth2-hostbased.c", "function": "userauth_hostbased" }, "signature_type": "Function", "id": "CVE-2018-15473-f7ba3c85" } ] }