Medium severity 6.5 · NVD Advisory · Published Jan 14, 2016 · Updated May 6, 2026
CVE-2016-0777
Description
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Affected products
- cpe:2.3:a:hp:remote_device_access_virtual_customer_access_system:*:*:*:*:*:*:*:* (Range: <=15.07)
- cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
- cpe:2.3:a:sophos:unified_threat_management_software:9.318:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- kb.juniper.net/InfoCenter/index (NVD: Third Party Advisory)
- lists.apple.com/archives/security-announce/2016/Mar/msg00004.html (NVD: Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html (NVD: Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html (NVD: Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html (NVD: Mailing List, Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html (NVD: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html (NVD: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html (NVD: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html (NVD: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html (NVD: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html (NVD: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html (NVD: Mailing List, Third Party Advisory)
- packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html (NVD: Third Party Advisory, VDB Entry)
- seclists.org/fulldisclosure/2016/Jan/44 (NVD: Mailing List, Third Party Advisory)
- www.debian.org/security/2016/dsa-3446 (NVD: Third Party Advisory)
- www.openssh.com/txt/release-7.1p2 (NVD: Vendor Advisory)
- www.openwall.com/lists/oss-security/2016/01/14/7 (NVD: Mailing List, Third Party Advisory)
- www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (NVD: Third Party Advisory)
- www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (NVD: Third Party Advisory)
- www.securityfocus.com/archive/1/537295/100/0/threaded (NVD: Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/80695 (NVD: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1034671 (NVD: Third Party Advisory, VDB Entry)
- www.ubuntu.com/usn/USN-2869-1 (NVD: Third Party Advisory)
- blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ (NVD: Third Party Advisory)
- blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ (NVD: Third Party Advisory)
- bto.bluecoat.com/security-advisory/sa109 (NVD: Third Party Advisory)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (NVD: Third Party Advisory)
- security.freebsd.org/advisories/FreeBSD-SA-16:07.openssh.asc (NVD: Third Party Advisory)
- security.gentoo.org/glsa/201601-01 (NVD: Third Party Advisory)
- support.apple.com/HT206167 (NVD: Third Party Advisory)
- cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf (NVD)