QwikSec

Security Database

CVE

CWE

Training

CVE-2016-0777

Published: Jan 14, 2016

Modified: May 29, 2026

PUBLISHED

Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

SUSE-SU-2016:0117

vendor-advisory

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

APPLE-SA-2016-03-21-5

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

mailing-list

https://support.apple.com/HT206167

FEDORA-2016-4556904561

vendor-advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

vdb-entry

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

FreeBSD-SA-16:07

vendor-advisory

FEDORA-2016-c330264861

vendor-advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.openssh.com/txt/release-7.1p2

openSUSE-SU-2016:0128

vendor-advisory

FEDORA-2016-2e89eba0c1

vendor-advisory

https://bto.bluecoat.com/security-advisory/sa109

vdb-entry

openSUSE-SU-2016:0127

vendor-advisory

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

mailing-list

20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

mailing-list

SUSE-SU-2016:0119

vendor-advisory

http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

SUSE-SU-2016:0118

vendor-advisory

FEDORA-2016-67c6ef0d4f

vendor-advisory

SUSE-SU-2016:0120

vendor-advisory

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

vendor-advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.