CVE-2016-0777

Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Risk Information

Base Score: 6.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 67.203

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Update | Mac
Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Combo Update | Mac
SUSE-SU-2016:0119-1 (SUSE Linux Enterprise Desktop 11-SP3) openssh-6.2p2-0.24.1.x86_64.rpm | Linux
SUSE-SU-2016:0119-1 (SUSE Linux Enterprise Desktop 11-SP3) openssh-askpass-6.2p2-0.24.1.x86_64.rpm | Linux
SUSE-SU-2016:0119-1 (SUSE Linux Enterprise Desktop 11-SP3) openssh-askpass-gnome-6.2p2-0.24.3.x86_64.rpm | Linux
SUSE-SU-2016:0120-1 (SUSE Linux Enterprise Desktop 11-SP4) openssh-6.6p1-16.1.x86_64.rpm | Linux
SUSE-SU-2016:0120-1 (SUSE Linux Enterprise Desktop 11-SP4) openssh-askpass-gnome-6.6p1-16.4.x86_64.rpm | Linux
SUSE-SU-2016:0120-1 (SUSE Linux Enterprise Desktop 11-SP4) openssh-helpers-6.6p1-16.1.x86_64.rpm | Linux
Vulnerabilities CVE-2016-0777 are affected in unified_threat_management_software 9.318 | NCM
Vulnerabilities CVE-2016-0777, CVE-2016-0778 are affected in unified_threat_management_software 9.353 | NCM
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0777) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-600753 | OS X El Capitan 10.11.6 Update
PATCH-600754 | OS X El Capitan 10.11.6 Combo Update

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234