CVE-2016-0778
8.1 HIGHThe (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when ce...
Published: 2016-01-14 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 8.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-119
Affected products
| Vendor | Product |
|---|---|
| apple | linux, mac_os_x, openssh |
| hp | linux, mac_os_x, openssh |
| openbsd | linux, mac_os_x, openssh |
| oracle | linux, mac_os_x, openssh |
| sophos | linux, mac_os_x, openssh |
Description
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2016-0778
- [Other]http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
- [Other]http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- [Other]http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
- [Other]http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
- [Other]http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
- [Other]http://seclists.org/fulldisclosure/2016/Jan/44
- [Other]http://www.debian.org/security/2016/dsa-3446
- [Patch]http://www.openssh.com/txt/release-7.1p2
- [Exploit reference]http://www.openwall.com/lists/oss-security/2016/01/14/7
- [Other]http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- [Other]http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- [Other]http://www.securityfocus.com/archive/1/537295/100/0/threaded
- [Other]http://www.securityfocus.com/bid/80698
- [Other]http://www.securitytracker.com/id/1034671
- [Other]http://www.ubuntu.com/usn/USN-2869-1
- [Vendor advisory]https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- [Vendor advisory]https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- [Other]https://bto.bluecoat.com/security-advisory/sa109
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- [Other]https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
- [Other]https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- [Other]https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- [Other]https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- [Other]https://security.gentoo.org/glsa/201601-01
- [Vendor advisory]https://support.apple.com/HT206167
- [Other]http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
- [Other]http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- [Other]http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
- [Other]http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
- [Other]http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
- [Other]http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
- [Other]http://seclists.org/fulldisclosure/2016/Jan/44
- [Other]http://www.debian.org/security/2016/dsa-3446
- [Patch]http://www.openssh.com/txt/release-7.1p2
- [Exploit reference]http://www.openwall.com/lists/oss-security/2016/01/14/7
- [Other]http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- [Other]http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- [Other]http://www.securityfocus.com/archive/1/537295/100/0/threaded
- [Other]http://www.securityfocus.com/bid/80698
- [Other]http://www.securitytracker.com/id/1034671
- [Other]http://www.ubuntu.com/usn/USN-2869-1
- [Vendor advisory]https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
- [Vendor advisory]https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- [Other]https://bto.bluecoat.com/security-advisory/sa109
- [Other]https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- [Other]https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
- [Other]https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- [Other]https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- [Other]https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- [Other]https://security.gentoo.org/glsa/201601-01
- [Vendor advisory]https://support.apple.com/HT206167
Related CVEs
Same vendor
- CVE-2022-48575 — A person with access to a Mac may be able to bypass Login Window (3.5 LOW)
- CVE-2022-26758 — A malicious application may cause unexpected changes in memory shared between processes (7.1 HIGH)
- CVE-2026-46843 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
- CVE-2026-46842 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
- CVE-2026-46841 — Vulnerability in Oracle REST Data Services (component: General) (5.3 MEDIUM)
Same CWE
- CVE-2026-0409 — A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Intern...
- CVE-2026-11623 — A security vulnerability has been detected in tmux up to 3.6a (4.5 MEDIUM)
- CVE-2026-11557 — A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9 (8.8 HIGH)
- CVE-2026-11553 — A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon (8.8 HIGH)
- CVE-2026-11528 — A vulnerability was found in Tenda AC18 15.03.05.05 (8.8 HIGH)