CVE-2016-0778

Exploit

EPSS 2.13%
Published 14.01.2016 22:59:02
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Affected products Warnungen 0 Metrics 3 CWE 1 References 34

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Linux Version7

Oracle ≫ Solaris Version11.3

Openbsd ≫ Openssh Version5.4

Openbsd ≫ Openssh Version5.4 Updatep1

Openbsd ≫ Openssh Version5.5

Openbsd ≫ Openssh Version5.5 Updatep1

Openbsd ≫ Openssh Version5.6

Openbsd ≫ Openssh Version5.6 Updatep1

Openbsd ≫ Openssh Version5.7

Openbsd ≫ Openssh Version5.7 Updatep1

Openbsd ≫ Openssh Version5.8

Openbsd ≫ Openssh Version5.8 Updatep1

Openbsd ≫ Openssh Version5.9

Openbsd ≫ Openssh Version5.9 Updatep1

Openbsd ≫ Openssh Version6.0

Openbsd ≫ Openssh Version6.0 Updatep1

Openbsd ≫ Openssh Version6.1

Openbsd ≫ Openssh Version6.1 Updatep1

Openbsd ≫ Openssh Version6.2

Openbsd ≫ Openssh Version6.2 Updatep1

Openbsd ≫ Openssh Version6.2 Updatep2

Openbsd ≫ Openssh Version6.3

Openbsd ≫ Openssh Version6.3 Updatep1

Openbsd ≫ Openssh Version6.4

Openbsd ≫ Openssh Version6.4 Updatep1

Openbsd ≫ Openssh Version6.5

Openbsd ≫ Openssh Version6.5 Updatep1

Openbsd ≫ Openssh Version6.6

Openbsd ≫ Openssh Version6.6 Updatep1

Openbsd ≫ Openssh Version6.7

Openbsd ≫ Openssh Version6.7 Updatep1

Openbsd ≫ Openssh Version6.8

Openbsd ≫ Openssh Version6.8 Updatep1

Openbsd ≫ Openssh Version6.9

Openbsd ≫ Openssh Version6.9 Updatep1

Openbsd ≫ Openssh Version7.0

Openbsd ≫ Openssh Version7.0 Updatep1

Openbsd ≫ Openssh Version7.1

Openbsd ≫ Openssh Version7.1 Updatep1

Apple ≫ macOS X Version >= 10.9.0 <= 10.9.5

Apple ≫ macOS X Version >= 10.10.0 <= 10.10.5

Apple ≫ macOS X Version >= 10.11.0 <= 10.11.3

Hp ≫ Virtual Customer Access System Version <= 15.07

Sophos ≫ Unified Threat Management Software Version9.353

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.13%	0.835

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Third Party Advisory

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Third Party Advisory

Mailing List