CVE-2016-0777
high-risk
Published 2016-01-14
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Do I need to act?
!
67.2% chance of exploitation in next 30 days
EPSS score — higher than 33% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
References (68)
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
Third Party Advisory
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Ove...
Mailing List
http://seclists.org/fulldisclosure/2016/Jan/44
Third Party Advisory
http://www.debian.org/security/2016/dsa-3446
Vendor Advisory
http://www.openssh.com/txt/release-7.1p2
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.h...
Third Party Advisory
http://www.securityfocus.com/archive/1/537295/100/0/threaded
and 48 more references
69
/ 100
high-risk
Severity
24/34 · High
Exploitability
19/34 · Moderate
Exposure
26/34 · High