CVE-2016-0777
- Source
- https://cve.org/CVERecord?id=CVE-2016-0777
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0777.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-0777
- Downstream
- Related
- Published
- 2016-01-14T22:59:01.140Z
- Modified
- 2026-05-15T12:00:25.414274177Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
- Database specific
{ "unresolved_ranges": [ { "cpes": [ "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*" ], "vendor_product": "apple:mac_os_x", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "10.11.3" } ] }, { "cpes": [ "cpe:2.3:a:hp:remote_device_access_virtual_customer_access_system:*:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "hp:remote_device_access_virtual_customer_access_system", "extracted_events": [ { "last_affected": "15.07" } ] }, { "cpes": [ "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*" ], "vendor_product": "openbsd:openssh", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "5.8" }, { "last_affected": "6.2" }, { "last_affected": "7.1" } ] }, { "cpes": [ "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "oracle:linux", "extracted_events": [ { "last_affected": "7" } ] }, { "cpes": [ "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*" ], "vendor_product": "oracle:solaris", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "11.3" } ] }, { "cpes": [ "cpe:2.3:a:sophos:unified_threat_management_software:9.318:*:*:*:*:*:*:*", "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "sophos:unified_threat_management_software", "extracted_events": [ { "last_affected": "9.318" }, { "last_affected": "9.353" } ] } ] }- References
-
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
- http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
- http://seclists.org/fulldisclosure/2016/Jan/44
- http://www.debian.org/security/2016/dsa-3446
- http://www.openssh.com/txt/release-7.1p2
- http://www.openwall.com/lists/oss-security/2016/01/14/7
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/archive/1/537295/100/0/threaded
- http://www.securityfocus.com/bid/80695
- http://www.securitytracker.com/id/1034671
- http://www.ubuntu.com/usn/USN-2869-1
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://bto.bluecoat.com/security-advisory/sa109
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
- https://security.gentoo.org/glsa/201601-01
- https://support.apple.com/HT206167