A memory exhaustion vulnerability was found in the key exchange process in openssh. An unauthenticated peer could repeat the KEXINIT and cause allocation of up to 384MB for each connection.
Upstream does not consider this as a security issue.
Created openssh tracking bugs for this issue:
Affects: fedora-all [bug 1387117]
*** This bug has been marked as a duplicate of bug 1384860 ***