CVE-2016-10012Improper Restriction of Operations within the Bounds of a Memory Buffer in Openssh

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-287Improper Authentication12 documents10 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 94.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Openbsd OpensshPaloalto Pan-osPaloalto Prisma SD
Timeline
PublishedJan 5
Latest updateApr 5

Description

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

Debianopenbsd/openssh< 1:7.4p1-1+3
Palo Altopaloalto/pan-os
Palo Altopaloalto/prisma_sd

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-f4jf-rwp2-rx83: The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 72022-05-14
OSV
CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 72017-01-05
CVEList
CVE-2016-10012: The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 72017-01-05

📋Vendor Advisories

6
Palo Alto
PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION2024-04-05
Palo Alto
PAN-SA-2020-0005 PAN-OS: OpenSSH software upgraded to resolve multiple vulnerabilities2020-05-13
Ubuntu
OpenSSH vulnerabilities2018-01-22
Apple
CVE-2016-10012: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite2017-03-27
Red Hat
openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support2016-12-19

💬Community

2
Bugzilla
CVE-2016-10012 openssh: Bounds check can be evaded in the shared memory manager used by pre-authentication compression support2016-12-20
Bugzilla
CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 openssh: various flaws [fedora-all]2016-12-20
CVE-2016-10012 — Openbsd Openssh vulnerability | cvebase