6.5
CVE-2016-0777
- EPSS 63.47%
- Veröffentlicht 14.01.2016 22:59:01
- Zuletzt bearbeitet 29.05.2026 21:16:25
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sophos ≫ Unified Threat Management Software Version9.318
Sophos ≫ Unified Threat Management Version110
Sophos ≫ Unified Threat Management Version120
Sophos ≫ Unified Threat Management Version220
Sophos ≫ Unified Threat Management Version320
Sophos ≫ Unified Threat Management Version425
Sophos ≫ Unified Threat Management Version525
Sophos ≫ Unified Threat Management Version625
Sophos ≫ Unified Threat Management Version120
Sophos ≫ Unified Threat Management Version220
Sophos ≫ Unified Threat Management Version320
Sophos ≫ Unified Threat Management Version425
Sophos ≫ Unified Threat Management Version525
Sophos ≫ Unified Threat Management Version625
Sophos ≫ Unified Threat Management Software Version9.353
Sophos ≫ Unified Threat Management Version110
Sophos ≫ Unified Threat Management Version120
Sophos ≫ Unified Threat Management Version220
Sophos ≫ Unified Threat Management Version320
Sophos ≫ Unified Threat Management Version425
Sophos ≫ Unified Threat Management Version525
Sophos ≫ Unified Threat Management Version625
Sophos ≫ Unified Threat Management Version120
Sophos ≫ Unified Threat Management Version220
Sophos ≫ Unified Threat Management Version320
Sophos ≫ Unified Threat Management Version425
Sophos ≫ Unified Threat Management Version525
Sophos ≫ Unified Threat Management Version625
Hp ≫ Remote Device Access Virtual Customer Access System Version <= 15.07
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 63.47% | 0.991 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
https://support.apple.com/HT206167
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
http://seclists.org/fulldisclosure/2016/Jan/44
http://www.debian.org/security/2016/dsa-3446
http://www.openssh.com/txt/release-7.1p2
http://www.openwall.com/lists/oss-security/2016/01/14/7
http://www.securityfocus.com/archive/1/537295/100/0/threaded
http://www.securityfocus.com/bid/80695
http://www.securitytracker.com/id/1034671
http://www.ubuntu.com/usn/USN-2869-1
https://bto.bluecoat.com/security-advisory/sa109
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
https://security.gentoo.org/glsa/201601-01