CVE-2016-0778 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Openssh

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow13 documents10 sources

Severity

8.1HIGHNVD

EPSS

2.0%

top 16.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Apple MAC OS X HP Virtual Customer Access System +4 more

Timeline

PublishedJan 14

Latest updateMay 13

Description

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages8 packages

▶Debianopenbsd/openssh< 1:7.1p2-1+3

▶NVDopenbsd/openssh18 versions+17

▶NVDapple/mac_os_x10.9.0 — 10.9.5+2

▶NVDhp/virtual_customer_access_system15.07

▶NVDoracle/linux7

Patches

Patch: www.openssh.com ↗Patch: www.openssh.com ↗

🔴Vulnerability Details

GHSA

GHSA-cqpr-rfm2-cchc: The (1) roaming_read and (2) roaming_write functions in roaming_common↗2022-05-13

▶

CVEList

CVE-2016-0778: The (1) roaming_read and (2) roaming_write functions in roaming_common↗2016-01-14

▶

OSV

CVE-2016-0778: The (1) roaming_read and (2) roaming_write functions in roaming_common↗2016-01-14

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2016-0011 OpenSSH vulnerabilities↗2016-07-12

▶

Ubuntu

OpenSSH vulnerabilities↗2016-01-14

▶

Red Hat

OpenSSH: Client buffer-overflow when using roaming connections↗2016-01-14

▶

Debian

CVE-2016-0778: openssh - The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the ...↗2016

▶

Apple

CVE-2016-0778: OS X El Capitan v10.11.4 and Security Update 2016-002↗

▶

💬Community

Bugzilla

CVE-2016-0777 CVE-2016-0778 gsi-openssh: various flaws [epel-7]↗2016-01-15

▶

Bugzilla

CVE-2016-0777 CVE-2016-0778 gsi-openssh: various flaws [fedora-all]↗2016-01-15

▶

Bugzilla

CVE-2016-0778 OpenSSH: Client buffer-overflow when using roaming connections [fedora-all]↗2016-01-14

▶

Bugzilla

CVE-2016-0778 OpenSSH: Client buffer-overflow when using roaming connections↗2016-01-13

▶