A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55654.json",
"cwe_ids": [
"CWE-125"
],
"cna_assigner": "redhat"
}{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "6.0"
},
{
"last_affected": "6.0"
},
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
},
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
},
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
]
}