Fluid Attacks Database

Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	openssh	>=0 <1:7.1p2-1	1:7.1p2-1
debian 14	openssh	>=0 <1:7.1p2-1	1:7.1p2-1
debian 13	openssh	>=0 <1:7.1p2-1	1:7.1p2-1
debian 11	openssh	>=0 <1:7.1p2-1	1:7.1p2-1
rpm rhel7	openssh	<0:6.6.1p1-23.el7_2	0:6.6.1p1-23.el7_2

Aliases

1. CVE-2016-07772. NVD-2016-07773. OSV-DEBIAN-2016-07774. OSV-2016-07775. SECURITY-TRACKER-CVE-2016-0777

References

1. https://github.com/Abdirisaq-ali-aynab/vulnerability-assessment

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.