A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\x28) in place of the expected SSH protocol delimiter.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XSysax Multi Server
APPSysax6.10
Related vulnerabilities
Stack-based buffer overflow w SSH Sysax Multi Server – RCE bez uwierzytelnienia
Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) condition when processing specially crafted...
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in...
Stack-based buffer overflow in Sysax Multi Server before 5.52, when HTTP is enabled, allows remote authenticat...
Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to rea...