Axessh Denial-of-Service Vulnerability in Logging Configuration

Vulnerability

A denial-of-service vulnerability has been identified in Axessh version 4.2. This issue arises from the logging configuration, where local attackers can cause the application to crash by entering an excessively long string in the log file name field. The vulnerability can be exploited by enabling session logging, pasting a buffer of 500 or more characters into the log file name parameter, and then establishing a telnet connection, which triggers the application crash.

Impact

Exploitation of this vulnerability leads to a crash of the Axessh application, causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first enable session logging in the Axessh application. Then, paste a buffer of 500 or more characters into the log file name parameter. After setting the log file name, proceed to establish a telnet connection, which will cause the application to crash.

Added: Mar 22, 2026, 2:43 PM
Updated: Mar 22, 2026, 2:43 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 4.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.