Rapid 7 Security Advisory – SSH servers and clients from several vendors contain vulnerabilities in the greeting and key-exchange-initialization phases of the SSHv2 transport layer that allow denial of service attacks and/or arbitrary code execution. OpenSSH, SecureCRT, and LSH are not affected – vulnerable versions include F-Secure 3.1.0 and below for unix and v5.2 and below for Windows, SSH 3.2.2 and below for windows and unix, putty v0.53 and below, WinSCP 2.0.0 and below, and more.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/30606/R7-0009.ssh2.txt
Source: https://packetstormsecurity.com/files/related/30606/Rapid7-Security-Advisory-9.html