Fluid Attacks Database

Description

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.2	openssh	=5.1_p1-r1 \|\| =5.1_p1-r2 \|\| =5.1p1-r0 \|\| =5.2_p1-r0 \|\| =5.2_p1-r1 \|\| =5.2_p1-r2 \|\| =5.2_p1-r3 \|\| =5.3_p1-r3 \|\| =5.4_p1-r0 \|\| =5.4_p1-r1 \|\| =5.4_p1-r2 \|\| =5.4_p1-r3 \|\| =5.5_p1-r0 \|\| =5.6_p1-r0 \|\| =5.6_p1-r1 \|\| =5.8_p1-r0 \|\| =5.8_p1-r1 \|\| =5.8_p1-r2 \|\| =5.8_p2-r0 \|\| =5.8_p2-r1 \|\| =5.8_p2-r2 \|\| =5.9_p1-r0 \|\| =5.9_p1-r1 \|\| =5.9_p1-r2 \|\| =6.0_p1-r0 \|\| =6.1_p1-r0 \|\| =6.1_p1-r1 \|\| =6.1_p1-r2 \|\| =6.2_p1-r0 \|\| =6.2_p2-r0 \|\| =6.2_p2-r1 \|\| =6.2_p2-r2 \|\| =6.3_p1-r0 \|\| =6.3_p1-r1 \|\| =6.3_p1-r2 \|\| =6.4_p1-r0 \|\| =6.4_p1-r1 \|\| =6.6_p1-r0 \|\| =6.6_p1-r1 \|\| =6.6_p1-r2 \|\| =6.6_p1-r3 \|\| =6.6_p1-r4 \|\| =6.6_p1-r5 \|\| =6.6_p1-r6 \|\| =6.7_p1-r0 \|\| =6.8_p1-r0 \|\| =6.8_p1-r1 \|\| =6.8_p1-r2 \|\| =6.8_p1-r3 \|\| =6.8_p1-r4 \|\| =6.8_p1-r5 \|\| =6.8_p1-r6 \|\| =6.8_p1-r7 \|\| =6.8_p1-r8 \|\| =6.8_p1-r9 \|\| >=0 <6.8_p1-r10	6.8_p1-r10
debian 14	openssh	>=0 <1:7.1p2-1	1:7.1p2-1
debian 13	openssh	>=0 <1:7.1p2-1	1:7.1p2-1
debian 11	openssh	>=0 <1:7.1p2-1	1:7.1p2-1
debian 12	openssh	>=0 <1:7.1p2-1	1:7.1p2-1

Aliases

1. CVE-2016-19072. NVD-2016-19073. OSV-ALPINE-2016-19074. OSV-2016-19075. OSV-DEBIAN-2016-19076. SECURITY-CVE-2016-19077. SECURITY-TRACKER-CVE-2016-1907

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.