High severity8.1NVD Advisory· Published Jan 14, 2016· Updated May 6, 2026

CVE-2016-0778

Description

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Affected products

OpenBSD/OpenSSH37 versions
cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*+ 36 more
- cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
Oracle Corporation/Linux
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Oracle Corporation/Solaris
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: >=10.9.0,<=10.9.5
HP/Virtual Customer Access System
cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*
Range: <=15.07
Sophos/Unified Threat Management Software
cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openssh.com/txt/release-7.1p2nvdPatchRelease NotesVendor Advisory
www.openwall.com/lists/oss-security/2016/01/14/7nvdExploitMailing ListTechnical DescriptionThird Party Advisory
kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlnvdMailing ListRelease NotesThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.htmlnvdMailing ListThird Party Advisory
packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.htmlnvdThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2016/Jan/44nvdMailing ListThird Party Advisory
www.debian.org/security/2016/dsa-3446nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlnvdThird Party Advisory
www.securityfocus.com/archive/1/537295/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/80698nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1034671nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2869-1nvdThird Party Advisory
blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/nvdRelease NotesVendor Advisory
blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/nvdRelease NotesVendor Advisory
bto.bluecoat.com/security-advisory/sa109nvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
security.gentoo.org/glsa/201601-01nvdThird Party Advisory
support.apple.com/HT206167nvdVendor Advisory
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000