CVE-2016-0778
Summary
| CVE | CVE-2016-0778 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-01-14 22:59:02 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. |
Risk And Classification
Primary CVSS: v3.0 8.1 HIGH from [email protected]
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-119 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 4.6 | | AV:N/AC:H/Au:S/C:P/I:P/A:P |
CVSS v3.0 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | High |
| Authentication | Single |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |

AV:N/AC:H/Au:S/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Hp | Virtual Customer Access System | All | All | All | All |
| Application | Openbsd | Openssh | 5.4 | All | All | All |
| Application | Openbsd | Openssh | 5.4 | p1 | All | All |
| Application | Openbsd | Openssh | 5.5 | All | All | All |
| Application | Openbsd | Openssh | 5.5 | p1 | All | All |
| Application | Openbsd | Openssh | 5.6 | All | All | All |
| Application | Openbsd | Openssh | 5.6 | p1 | All | All |
| Application | Openbsd | Openssh | 5.7 | All | All | All |
| Application | Openbsd | Openssh | 5.7 | p1 | All | All |
| Application | Openbsd | Openssh | 5.8 | All | All | All |
| Application | Openbsd | Openssh | 5.8 | p1 | All | All |
| Application | Openbsd | Openssh | 5.9 | All | All | All |
| Application | Openbsd | Openssh | 5.9 | p1 | All | All |
| Application | Openbsd | Openssh | 6.0 | All | All | All |
| Application | Openbsd | Openssh | 6.0 | p1 | All | All |
| Application | Openbsd | Openssh | 6.1 | All | All | All |
| Application | Openbsd | Openssh | 6.1 | p1 | All | All |
| Application | Openbsd | Openssh | 6.2 | All | All | All |
| Application | Openbsd | Openssh | 6.2 | p1 | All | All |
| Application | Openbsd | Openssh | 6.2 | p2 | All | All |
| Application | Openbsd | Openssh | 6.3 | All | All | All |
| Application | Openbsd | Openssh | 6.3 | p1 | All | All |
| Application | Openbsd | Openssh | 6.4 | All | All | All |
| Application | Openbsd | Openssh | 6.4 | p1 | All | All |
| Application | Openbsd | Openssh | 6.5 | All | All | All |
| Application | Openbsd | Openssh | 6.5 | p1 | All | All |
| Application | Openbsd | Openssh | 6.6 | All | All | All |
| Application | Openbsd | Openssh | 6.6 | p1 | All | All |
| Application | Openbsd | Openssh | 6.7 | All | All | All |
| Application | Openbsd | Openssh | 6.7 | p1 | All | All |
| Application | Openbsd | Openssh | 6.8 | All | All | All |
| Application | Openbsd | Openssh | 6.8 | p1 | All | All |
| Application | Openbsd | Openssh | 6.9 | All | All | All |
| Application | Openbsd | Openssh | 6.9 | p1 | All | All |
| Application | Openbsd | Openssh | 7.0 | All | All | All |
| Application | Openbsd | Openssh | 7.0 | p1 | All | All |
| Application | Openbsd | Openssh | 7.1 | All | All | All |
| Application | Openbsd | Openssh | 7.1 | p1 | All | All |
| Operating System | Oracle | Linux | 7 | All | All | All |
| Operating System | Oracle | Solaris | 11.3 | All | All | All |
| Application | Sophos | Unified Threat Management Software | 9.353 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| OpenSSH: Multiple vulnerabilities (GLSA 201601-01) — Gentoo Security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| [security-announce] SUSE-SU-2016:0117-1: critical: Security update for o | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| Document Display | HPE Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20566.www2.hpe.com | Third Party Advisory |
| 2016-04 Security Bulletin: Junos: OpenSSH Client Information Leak and Buffer Overflow in roaming support (CVE-2016-0777, CVE-2016-0778) - Juniper Networks | af854a3a-2127-422b-91ae-364da2661108 | kb.juniper.net | Third Party Advisory |
| www.openssh.com/txt/release-7.1p2 | af854a3a-2127-422b-91ae-364da2661108 | www.openssh.com | Patch, Release Notes, Vendor Advisory |
| Debian -- Security Information -- DSA-3446-1 openssh | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| oss-security - Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Exploit, Mailing List, Technical Description, Third Party Advisory |
| [security-announce] SUSE-SU-2016:0120-1: critical: Security update for o | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 22 Update: gsi-openssh-6.9p1-7.fc22 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Broadcom Support Portal | af854a3a-2127-422b-91ae-364da2661108 | bto.bluecoat.com | Third Party Advisory |
| Document Display | HPE Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20566.www2.hpe.com | Third Party Advisory |
| About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Vendor Advisory |
| UTM Up2Date 9.319 released | Sophos Blog | af854a3a-2127-422b-91ae-364da2661108 | blogs.sophos.com | Release Notes, Vendor Advisory |
| [security-announce] openSUSE-SU-2016:0127-1: critical: Security update f | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| Oracle Solaris Third Party Bulletin - October 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| [SECURITY] Fedora 23 Update: gsi-openssh-7.1p2-1.fc23 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Document Display | HPE Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20566.www2.hpe.com | Third Party Advisory |
| Full Disclosure: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Oracle Linux Bulletin - January 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Third Party Advisory |
| OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Document Display | HPE Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20566.www2.hpe.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:0119-1: critical: Security update for o | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | Mailing List, Release Notes, Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | |
| Qualys Security Advisory - OpenSSH Overflow / Leak ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| USN-2869-1: OpenSSH vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:0118-1: critical: Security update for o | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| UTM Up2Date 9.354 released | Sophos Blog | af854a3a-2127-422b-91ae-364da2661108 | blogs.sophos.com | Release Notes, Vendor Advisory |
| [security-announce] openSUSE-SU-2016:0128-1: critical: Security update f | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.