Decription: The OpenSSH has a memory exhaustion bug in key exchange process.
An unauthenticated peer could repeat the KEXINIT and cause allocation of up to 384MB(not 128MB that the official said).
In the default case, an attacker can build 100 such connections, which will consume 38400 MB of memory on the server.
Affected versions: all
Recommended action: Re-build OpenSSH applying the following patch: