CVE-2016-0777

Publication date 14 January 2016

Last updated 25 August 2025

Ubuntu priority

High

Why this priority?

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Status

Package Ubuntu Release Status
openssh 15.10 wily
Fixed 1:6.9p1-2ubuntu0.1
15.04 vivid
Fixed 1:6.7p1-5ubuntu1.4
14.04 LTS trusty
Fixed 1:6.6p1-2ubuntu2.4
12.04 LTS precise
Fixed 1:5.9p1-5ubuntu1.8

Severity score breakdown

CVSS version: CVSS v3.0

Base score 6.5 · Medium

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

Related Ubuntu Security Notices (USN)

    • USN-2869-1
    • OpenSSH vulnerabilities
    • 14 January 2016

Other references

Access our resources on patching vulnerabilities