CVE-2016-1907: Buffer Overflow
First published: Tue Jan 19 2016(Updated: )
Last updated 24 July 2024
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openssh | 1:8.4p1-5+deb11u3 1:9.2p1-2+deb12u3 1:9.8p1-8 | |
| OpenSSH | =6.8 | |
| OpenSSH | =6.8-p1 | |
| OpenSSH | =6.9 | |
| OpenSSH | =6.9-p1 | |
| OpenSSH | =7.0 | |
| OpenSSH | =7.0-p1 | |
| OpenSSH | =7.1 | |
| OpenSSH | =7.1-p1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
- http://www.openssh.com/txt/release-7.1p2
- http://www.securityfocus.com/bid/81293
- https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
- https://bto.bluecoat.com/security-advisory/sa109
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://launchpad.net/bugs/cve/CVE-2016-1907
- https://anongit.mindrot.org/openssh.git/commit/packet.c?id=091c302829210c41e7f57c3f094c7b9c054306f0
- https://security-tracker.debian.org/tracker/CVE-2016-1907
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1907
- https://nvd.nist.gov/vuln/detail/CVE-2016-1907
- https://ubuntu.com/security/CVE-2016-1907
Frequently Asked Questions
What is the severity of CVE-2016-1907?
CVE-2016-1907 is classified as a denial of service vulnerability that can cause application crashes.
How do I fix CVE-2016-1907?
To fix CVE-2016-1907, update OpenSSH to versions 7.1p2 or later.
Which versions of OpenSSH are affected by CVE-2016-1907?
OpenSSH versions before 7.1p2 are affected by CVE-2016-1907.
Can CVE-2016-1907 be exploited remotely?
Yes, CVE-2016-1907 can be exploited remotely through crafted network traffic.
What can attackers achieve using CVE-2016-1907?
Attackers can cause an out-of-bounds read and crash the OpenSSH application using CVE-2016-1907.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/weakness
- agent/remedy
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- package-manager/debian
- vendor/openbsd
- canonical/openssh
- version/openssh/6.8
- version/openssh/6.8-p1
- version/openssh/6.9
- version/openssh/6.9-p1
- version/openssh/7.0
- version/openssh/7.0-p1
- version/openssh/7.1
- version/openssh/7.1-p1