VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-kcgk-nx2a-cqc4

Essentials
Severities (70)
References (42)
Severity details (68)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kcgk-nx2a-cqc4
Aliases	CVE-2016-0777
Summary	The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-682

Incorrect Calculation

System	Score	Found at
cvssv3.1	6.5	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
ssvc	Track	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
cvssv3.1	6.5	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
ssvc	Track	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
cvssv3.1	6.5	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
ssvc	Track	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
cvssv3.1	6.5	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
ssvc	Track	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
cvssv3.1	6.5	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
ssvc	Track	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
cvssv3.1	6.5	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
ssvc	Track	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
cvssv3.1	6.5	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
cvssv3.1	6.5	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
cvssv3.1	6.5	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
cvssv3.1	6.5	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
cvssv3.1	6.5	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
cvssv3.1	6.5	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
cvssv3.1	6.5	http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
ssvc	Track	http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
epss	0.77397	https://api.first.org/data/v1/epss?cve=CVE-2016-0777
epss	0.77397	https://api.first.org/data/v1/epss?cve=CVE-2016-0777
cvssv3.1	6.5	https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
ssvc	Track	https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
cvssv3.1	6.5	https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
ssvc	Track	https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
cvssv3.1	6.5	https://bto.bluecoat.com/security-advisory/sa109
ssvc	Track	https://bto.bluecoat.com/security-advisory/sa109
cvssv3.1	6.5	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
ssvc	Track	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
cvssv3.1	6.5	http://seclists.org/fulldisclosure/2016/Jan/44
ssvc	Track	http://seclists.org/fulldisclosure/2016/Jan/44
cvssv3.1	6.5	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
ssvc	Track	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
cvssv3.1	6.5	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
ssvc	Track	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
cvssv3.1	6.5	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
ssvc	Track	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
cvssv3.1	6.5	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
ssvc	Track	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
cvssv3.1	6.5	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
ssvc	Track	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
cvssv3.1	6.5	https://security.gentoo.org/glsa/201601-01
ssvc	Track	https://security.gentoo.org/glsa/201601-01
cvssv3.1	6.5	https://support.apple.com/HT206167
ssvc	Track	https://support.apple.com/HT206167
cvssv3.1	6.5	http://www.debian.org/security/2016/dsa-3446
ssvc	Track	http://www.debian.org/security/2016/dsa-3446
cvssv3.1	6.5	http://www.openssh.com/txt/release-7.1p2
ssvc	Track	http://www.openssh.com/txt/release-7.1p2
cvssv3.1	6.5	http://www.openwall.com/lists/oss-security/2016/01/14/7
ssvc	Track	http://www.openwall.com/lists/oss-security/2016/01/14/7
cvssv3.1	6.5	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
ssvc	Track	http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
cvssv3.1	6.5	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
ssvc	Track	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
cvssv3.1	6.5	http://www.securityfocus.com/archive/1/537295/100/0/threaded
ssvc	Track	http://www.securityfocus.com/archive/1/537295/100/0/threaded
cvssv3.1	6.5	http://www.securityfocus.com/bid/80695
ssvc	Track	http://www.securityfocus.com/bid/80695
cvssv3.1	6.5	http://www.securitytracker.com/id/1034671
ssvc	Track	http://www.securitytracker.com/id/1034671
cvssv3.1	6.5	http://www.ubuntu.com/usn/USN-2869-1
ssvc	Track	http://www.ubuntu.com/usn/USN-2869-1

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0777.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-0777
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
1034671		http://www.securitytracker.com/id/1034671
1298032		https://bugzilla.redhat.com/show_bug.cgi?id=1298032
175592.html		http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
175676.html		http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
176349.html		http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
176516.html		http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
201601-01		https://security.gentoo.org/glsa/201601-01
44		http://seclists.org/fulldisclosure/2016/Jan/44
7		http://www.openwall.com/lists/oss-security/2016/01/14/7
80695		http://www.securityfocus.com/bid/80695
810984		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810984
bulletinoct2015-2511968.html		http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
docDisplay?docId=emr_na-c05247375		https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
docDisplay?docId=emr_na-c05356388		https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
docDisplay?docId=emr_na-c05385680		https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
docDisplay?docId=emr_na-c05390722		https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
dsa-3446		http://www.debian.org/security/2016/dsa-3446
FreeBSD-SA-16:07.openssh.asc		https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
HT206167		https://support.apple.com/HT206167
index?page=content&id=JSA10734		http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
linuxbulletinjan2016-2867209.html		http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
msg00004.html		http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
msg00006.html		http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
msg00007.html		http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
msg00008.html		http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
msg00009.html		http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
msg00013.html		http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
msg00014.html		http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html		http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
release-7.1p2		http://www.openssh.com/txt/release-7.1p2
RHSA-2016:0043		https://access.redhat.com/errata/RHSA-2016:0043
sa109		https://bto.bluecoat.com/security-advisory/sa109
ssa-412672.pdf		https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
threaded		http://www.securityfocus.com/archive/1/537295/100/0/threaded
USN-2869-1		https://usn.ubuntu.com/2869-1/
USN-2869-1		http://www.ubuntu.com/usn/USN-2869-1
utm-up2date-9-319-released		https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
utm-up2date-9-354-released		https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bto.bluecoat.com/security-advisory/sa109

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://bto.bluecoat.com/security-advisory/sa109

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://seclists.org/fulldisclosure/2016/Jan/44

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://seclists.org/fulldisclosure/2016/Jan/44

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/201601-01

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://security.gentoo.org/glsa/201601-01

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://support.apple.com/HT206167

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at https://support.apple.com/HT206167

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.debian.org/security/2016/dsa-3446

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://www.debian.org/security/2016/dsa-3446

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.openssh.com/txt/release-7.1p2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://www.openssh.com/txt/release-7.1p2

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2016/01/14/7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://www.openwall.com/lists/oss-security/2016/01/14/7

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.securityfocus.com/archive/1/537295/100/0/threaded

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://www.securityfocus.com/archive/1/537295/100/0/threaded

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.securityfocus.com/bid/80695

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://www.securityfocus.com/bid/80695

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.securitytracker.com/id/1034671

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://www.securitytracker.com/id/1034671

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.ubuntu.com/usn/USN-2869-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:29:54Z/ Found at http://www.ubuntu.com/usn/USN-2869-1

Exploit Prediction Scoring System (EPSS)

Percentile	0.99005
EPSS Score	0.77397
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:41:06.186430+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2016/0xxx/CVE-2016-0777.json	38.6.0