The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
Max CVSS
6.5
EPSS Score
1.34%
Published
2017-06-19
Updated
2017-10-24
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.
Max CVSS
9.8
EPSS Score
0.71%
Published
2017-06-19
Updated
2019-10-03
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
Max CVSS
5.3
EPSS Score
0.66%
Published
2017-10-26
Updated
2022-12-13
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
Max CVSS
5.3
EPSS Score
0.21%
Published
2017-04-27
Updated
2019-10-03
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
Max CVSS
7.8
EPSS Score
1.90%
Published
2017-03-27
Updated
2019-10-03
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-01-05
Updated
2022-12-13
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-01-05
Updated
2022-12-13
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
Max CVSS
7.0
EPSS Score
0.04%
Published
2017-01-05
Updated
2022-12-13
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
Max CVSS
7.5
EPSS Score
10.16%
Published
2017-01-05
Updated
2023-07-20
Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-03-07
Updated
2017-03-09
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-03-07
Updated
2017-03-09
OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-03-07
Updated
2017-03-09
OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.
Max CVSS
4.9
EPSS Score
0.04%
Published
2017-03-07
Updated
2017-03-09
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-03-07
Updated
2017-03-09
The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value.
Max CVSS
7.8
EPSS Score
0.14%
Published
2017-03-07
Updated
2017-03-08
thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-03-07
Updated
2017-03-09
OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-03-07
Updated
2017-03-09
Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-03-07
Updated
2017-09-01
Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-03-07
Updated
2017-09-01
The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value.
Max CVSS
5.5
EPSS Score
0.08%
Published
2017-03-07
Updated
2017-09-01

CVE-2016-6210

Public exploit
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Max CVSS
5.9
EPSS Score
10.74%
Published
2017-02-13
Updated
2022-12-13
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
Max CVSS
9.8
EPSS Score
0.37%
Published
2017-04-11
Updated
2022-12-13
Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.
Max CVSS
9.8
EPSS Score
0.78%
Published
2017-10-16
Updated
2017-11-01
23 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!