HIGH✓ PATCH🇬🇧 English

CVE-2016-0778

CVSS 8.1v3.0pub. 2016-01-14upd. 2026-05-29

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple Mac Os X

    OS
    Apple
    10.9.0 – 10.9.510.11.0 – 10.11.310.10.0 – 10.10.5
  • HP Virtual Customer Access System

    OS
    Hp
    ≤ 15.07
  • Openbsd OpenSSH

    APP
    Openbsd
    5.45.55.65.75.85.96.06.16.26.36.46.56.66.76.8+ 3 więcej
  • Oracle Linux

    OS
    Oracle
    7
  • Oracle Solaris

    OS
    Oracle
    11.3
  • Sophos Unified Threat Management Software

    APP
    Sophos
    9.353
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoSMemory
CWE
Referencje

Powiązane podatności

CVE-2021-1870CRITICAL9.8⚠ KEVten sam produkt

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...

CVE-2021-1871CRITICAL9.8⚠ KEVten sam produkt

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...

CVE-2020-14871CRITICAL10.0⚠ KEVten sam produkt

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Su...

CVE-2016-4171CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...