High severity7.5NVD Advisory· Published Jan 21, 2018· Updated Apr 29, 2026

CVE-2016-10708

Description

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

Affected products

OpenBSD/OpenSSH
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Range: <7.4
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*
NetApp/Cloud Backup
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
NetApp/Data Ontap
cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
NetApp/Data Ontap Edge
cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
NetApp/Oncommand Unified Manager
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
Range: >=9.4
NetApp/Service Processor
cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*
NetApp/Storagegrid
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
NetApp/Storagegrid Webscale
cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*
NetApp/Clustered Data Ontap
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
NetApp/Vasa Provider
cpe:2.3:a:netapp:vasa_provider:-:*:*:*:*:*:*:*

Patches

4a354fc23117

https://github.com/openssh/openssh-portablevia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

blog.swiecki.net/2018/01/fuzzing-tcp-servers.htmlnvdPatchThird Party Advisory
anongit.mindrot.org/openssh.git/commit/nvdPatchThird Party Advisory
www.securityfocus.com/bid/102780nvdThird Party AdvisoryVDB Entry
lists.debian.org/debian-lts-announce/2018/01/msg00031.htmlnvdMailing ListThird Party Advisory
lists.debian.org/debian-lts-announce/2018/09/msg00010.htmlnvdMailing ListThird Party Advisory
security.netapp.com/advisory/ntap-20180423-0003/nvdThird Party Advisory
usn.ubuntu.com/3809-1/nvdThird Party Advisory
www.openssh.com/releasenotes.htmlnvdRelease NotesVendor Advisory
cert-portal.siemens.com/productcert/pdf/ssa-676336.pdfnvd
kc.mcafee.com/corporate/indexnvd
support.f5.com/csp/article/K32485746nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.002
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000