Vulnerability Details : CVE-2016-1907
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2016-1907
- cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
Threat overview for CVE-2016-1907
Top countries where our scanners detected CVE-2016-1907
Top open port discovered on systems with this issue
22
IPs affected by CVE-2016-1907 105,745
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-1907!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-1907
2.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1907
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2016-1907
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1907
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
HPSBMU03692 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities
-
https://bto.bluecoat.com/security-advisory/sa109
SA109 : Multiple OpenSSH Vulnerabilities (January 2016)
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
HPSBMU03668 rev.1 - HPE Systems Insight Manager using OpenSSL, Multiple Remote Vulnerabilities
-
http://www.securityfocus.com/bid/81293
OpenSSH CVE-2016-1907 Denial of Service Vulnerability
-
https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
openssh.git - Portable OpenSSH
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
[SECURITY] Fedora 22 Update: openssh-6.9p1-10.fc22
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
[SECURITY] Fedora 23 Update: gsi-openssh-7.1p2-1.fc23
-
http://www.openssh.com/txt/release-7.1p2
Vendor Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
[SECURITY] Fedora 22 Update: gsi-openssh-6.9p1-7.fc22
-
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Jump to