CVE-2016-10708

CVE	CVE-2016-10708
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-01-21 22:29:00 UTC
Updated	2023-11-07 02:29:00 UTC
Description	sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

Problem Types: CWE-476

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Debian	Debian Linux	7.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	7.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Operating System	Netapp	Clustered Data Ontap	-	All	All	All
Operating System	Netapp	Clustered Data Ontap	-	All	All	All
Operating System	Netapp	Clustered Data Ontap	-	All	All	All
Operating System	Netapp	Clustered Data Ontap	-	All	All	All
Application	Netapp	Data Ontap	-	All	All	All
Application	Netapp	Data Ontap	-	All	All	All
Application	Netapp	Data Ontap Edge	-	All	All	All
Application	Netapp	Data Ontap Edge	-	All	All	All
Application	Netapp	Oncommand Unified Manager	All	All	All	All
Application	Netapp	Oncommand Unified Manager	All	All	All	All
Application	Netapp	Service Processor	-	All	All	All
Application	Netapp	Service Processor	-	All	All	All
Application	Netapp	Storagegrid	-	All	All	All
Application	Netapp	Storagegrid	-	All	All	All
Application	Netapp	Storagegrid Webscale	-	All	All	All
Application	Netapp	Storagegrid Webscale	-	All	All	All
Application	Netapp	Vasa Provider	-	All	All	All
Application	Netapp	Vasa Provider	-	All	All	All
Application	Openbsd	Openssh	All	All	All	All
Application	Openbsd	Openssh	All	All	All	All

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf	CONFIRM	cert-portal.siemens.com
[SECURITY] [DLA 1500-1] openssh security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
openssh.git - Portable OpenSSH	MISC	anongit.mindrot.org	Patch, Third Party Advisory
support.f5.com/csp/article/K32485746	CONFIRM	support.f5.com
OpenSSH: Release Notes	MISC	www.openssh.com	Release Notes, Vendor Advisory
myF5		support.f5.com
CVE-2016-10708 OpenSSH Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com	Third Party Advisory
OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
[ robert swiecki's blog ]: Fuzzing TCP servers	MISC	blog.swiecki.net	Patch, Third Party Advisory
[SECURITY] [DLA 1257-1] openssh security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
McAfee Security Bulletin - SIEM update fixes multiple vulnerabilities (CVE-2015-7704, CVE-2016-10708, CVE-2018-10858, CVE-2018-11784, CVE-2018-18258, CVE-2019-3628, CVE-2019-3629, CVE-2019-3630, CVE-2019-3631, CVE-2019-3632)	CONFIRM	kc.mcafee.com
USN-3809-1: OpenSSH vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.