{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3497", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2026-03-03T19:33:05.664Z", "datePublished": "2026-03-12T18:27:44.917Z", "dateUpdated": "2026-03-12T19:17:58.354Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "openssh", "vendor": "Ubuntu", "collectionURL": "https://launchpad.net/ubuntu/", "packageName": "openssh", "repo": "https://launchpad.net/ubuntu/+source/openssh", "versions": [{"lessThan": "1:10.0p1-5ubuntu5.1", "status": "affected", "version": "1:10.0p1-5ubuntu5", "versionType": "dpkg"}, {"lessThan": "1:9.6p1-3ubuntu13.15", "status": "affected", "version": "1:9.6p1-3ubuntu13", "versionType": "dpkg"}, {"lessThan": "1:8.9p1-3ubuntu0.14", "status": "affected", "version": "1:8.9p1-3", "versionType": "dpkg"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jeremy Brown"}], "datePublic": "2026-03-12T18:00:00.000Z", "descriptions": [{"lang": "en", "value": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 2.7, "baseSeverity": "LOW", "exploitMaturity": "UNREPORTED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://ubuntu.com/security/CVE-2026-3497", "tags": ["vdb-entry"]}, {"url": "https://www.openwall.com/lists/oss-security/2026/03/12/3"}], "source": {"discovery": "EXTERNAL"}, "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-03-12T18:44:06.073Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T19:04:05.760026Z", "id": "CVE-2026-3497", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T19:04:27.229Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/12/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-12T19:17:58.354Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/12/3"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-12T19:17:58.354Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3497", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T19:04:05.760026Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T19:04:10.900Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Jeremy Brown"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://launchpad.net/ubuntu/+source/openssh", "vendor": "Ubuntu", "product": "openssh", "versions": [{"status": "affected", "version": "1:10.0p1-5ubuntu5", "lessThan": "1:10.0p1-5ubuntu5.1", "versionType": "dpkg"}, {"status": "affected", "version": "1:9.6p1-3ubuntu13", "lessThan": "1:9.6p1-3ubuntu13.15", "versionType": "dpkg"}, {"status": "affected", "version": "1:8.9p1-3", "lessThan": "1:8.9p1-3ubuntu0.14", "versionType": "dpkg"}], "packageName": "openssh", "collectionURL": "https://launchpad.net/ubuntu/", "defaultStatus": "unaffected"}], "datePublic": "2026-03-12T18:00:00.000Z", "references": [{"url": "https://ubuntu.com/security/CVE-2026-3497", "tags": ["vdb-entry"]}, {"url": "https://www.openwall.com/lists/oss-security/2026/03/12/3"}], "descriptions": [{"lang": "en", "value": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource"}]}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-03-12T18:44:06.073Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3497", "state": "PUBLISHED", "dateUpdated": "2026-03-12T19:17:58.354Z", "dateReserved": "2026-03-03T19:33:05.664Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2026-03-12T18:27:44.917Z", "assignerShortName": "canonical"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration."}], "id": "CVE-2026-3497", "lastModified": "2026-03-12T21:07:53.427", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2026-03-12T19:16:19.910", "references": [{"source": "security@ubuntu.com", "url": "https://ubuntu.com/security/CVE-2026-3497"}, {"source": "security@ubuntu.com", "url": "https://www.openwall.com/lists/oss-security/2026/03/12/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/03/12/3"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{"bugzilla": {"description": "openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables", "id": "2447085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447085"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-824", "details": ["A flaw was found in the OpenSSH GSSAPI (Generic Security Service Application Program Interface) delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the `sshpkt_disconnect()` function, when called on an error, does not properly terminate the process, leading to the continued execution of the program with uninitialized connection variables. Accessing these uninitialized variables can lead to undefined behavior, potentially resulting in information disclosure or a denial of service."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, disable GSSAPI authentication in the OpenSSH server configuration. This prevents the server from processing GSSAPI messages, eliminating the vulnerability's attack surface.\nEdit `/etc/ssh/sshd_config` and add or modify the line:\n```\nGSSAPIAuthentication no\n```\nAfter saving the changes, restart the `sshd` service for the mitigation to take effect. This action will prevent users from authenticating via GSSAPI.\n```\n# systemctl restart sshd\n```"}, "name": "CVE-2026-3497", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-03-12T18:27:44Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3497\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3497\nhttps://ubuntu.com/security/CVE-2026-3497\nhttps://www.openwall.com/lists/oss-security/2026/03/12/3"], "statement": "IMPORTANT: This vulnerability affects the OpenSSH GSSAPI delta as implemented in Red Hat Enterprise Linux and OpenShift Container Platform. An unauthenticated attacker could send a specially crafted GSSAPI message during key exchange, leading to the use of uninitialized variables and potentially undefined behavior. The severity of the impact is dependent on compiler hardening configurations.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1:10.0p1-5ubuntu5,1:10.0p1-5ubuntu5.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1:9.6p1-3ubuntu13,1:9.6p1-3ubuntu13.15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1:8.9p1-3,1:8.9p1-3ubuntu0.14)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "openssh", "source": "cna", "vendor": "Ubuntu"}, "product": "openssh", "vendor": "ubuntu"}], "created": "2026-03-13T09:50:22.826933+00:00", "updated": "2026-03-13T09:50:22.827028+00:00", "vendors": ["ubuntu", "ubuntu$PRODUCT$openssh"]}