MEDIUM✓ PATCH🇬🇧 English

CVE-2016-0777

CVSS 6.5v3.0pub. 2016-01-14upd. 2026-05-29

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Apple Mac Os X

    OS
    Apple
    ≤ 10.11.3
  • HP Remote Device Access Virtual Customer Access System

    APP
    Hp
    ≤ 15.07
  • Openbsd OpenSSH

    APP
    Openbsd
    5.05.15.25.35.45.55.65.75.85.96.06.16.26.36.4+ 7 więcej
  • Oracle Linux

    OS
    Oracle
    7
  • Oracle Solaris

    OS
    Oracle
    11.3
  • Sophos Unified Threat Management

    HW
    Sophos
    110120220320425525625
  • Sophos Unified Threat Management Software

    APP
    Sophos
    9.3189.353
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-1871CRITICAL9.8⚠ KEVten sam produkt

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...

CVE-2021-1870CRITICAL9.8⚠ KEVten sam produkt

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...

CVE-2020-14871CRITICAL10.0⚠ KEVten sam produkt

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Su...

CVE-2020-25223CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, a...

CVE-2016-4171CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...