CVE-2016-1907

EPSS 0.24%
Published 19.01.2016 05:59:10
Last modified 12.04.2025 10:46:40
Source security@debian.org
Teams watchlist Login
Open Login

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

Affected products Warnungen 0 Metrics 3 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Openbsd ≫ Openssh Version6.8

Openbsd ≫ Openssh Version6.8 Updatep1

Openbsd ≫ Openssh Version6.9

Openbsd ≫ Openssh Version6.9 Updatep1

Openbsd ≫ Openssh Version7.0

Openbsd ≫ Openssh Version7.0 Updatep1

Openbsd ≫ Openssh Version7.1

Openbsd ≫ Openssh Version7.1 Updatep1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.469

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

http://www.openssh.com/txt/release-7.1p2

Vendor Advisory

https://bto.bluecoat.com/security-advisory/sa109

http://www.securityfocus.com/bid/81293

https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0

https://nvd.nist.gov/vuln/detail/CVE-2016-1907

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1907

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1907

EUVD