Medium severity 6.5 · NVD Advisory · Published Jan 14, 2016 · Updated Jun 17, 2026
CVE-2016-0777
Description
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Affected products
- cpe:2.3:a:hp:remote_device_access_virtual_customer_access_system:*:*:*:*:*:*:*:* (range: <=15.07)
- cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
- cpe:2.3:a:sophos:unified_threat_management_software:9.318:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- osv-coords (28 versions, no CPE):
- pkg:rpm/opensuse/openssh&distro=openSUSE%20Tumbleweed (range: < 7.2p2-3.1)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3 (range: < 6.2p2-0.24.3)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4 (range: < 6.6p1-16.4)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3 (range: < 6.2p2-0.24.3)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (range: < 6.2p2-0.24.3)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (range: < 6.6p1-16.4)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3 (range: < 6.2p2-0.24.3)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (range: < 6.6p1-16.4)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3 (range: < 6.2p2-0.24.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4 (range: < 6.6p1-16.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3 (range: < 6.2p2-0.24.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (range: < 6.2p2-0.24.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (range: < 6.6p1-16.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3 (range: < 6.2p2-0.24.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (range: < 6.6p1-16.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 (range: < 6.6p1-33.1)
- pkg:rpm/suse/openssh-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY (range: < 6.6p1-10.1)
References
- kb.juniper.net/InfoCenter/index (nvd: Third Party Advisory)
- lists.apple.com/archives/security-announce/2016/Mar/msg00004.html (nvd: Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html (nvd: Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html (nvd: Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html (nvd: Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html (nvd: Mailing List, Third Party Advisory)
- packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html (nvd: Third Party Advisory, VDB Entry)
- seclists.org/fulldisclosure/2016/Jan/44 (nvd: Mailing List, Third Party Advisory)
- www.debian.org/security/2016/dsa-3446 (nvd: Third Party Advisory)
- www.openssh.com/txt/release-7.1p2 (nvd: Vendor Advisory)
- www.openwall.com/lists/oss-security/2016/01/14/7 (nvd: Mailing List, Third Party Advisory)
- www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (nvd: Third Party Advisory)
- www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (nvd: Third Party Advisory)
- www.securityfocus.com/archive/1/537295/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/80695 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1034671 (nvd: Third Party Advisory, VDB Entry)
- www.ubuntu.com/usn/USN-2869-1 (nvd: Third Party Advisory)
- blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ (nvd: Third Party Advisory)
- blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ (nvd: Third Party Advisory)
- bto.bluecoat.com/security-advisory/sa109 (nvd: Third Party Advisory)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd: Third Party Advisory)
- security.freebsd.org/advisories/FreeBSD-SA-16:07.openssh.asc (nvd: Third Party Advisory)
- security.gentoo.org/glsa/201601-01 (nvd: Third Party Advisory)
- support.apple.com/HT206167 (nvd: Third Party Advisory)
- cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf (nvd)