QwikSec

Security Database

CVE

CWE

Training

CVE-2016-0778

Published: Jan 14, 2016

Modified: May 29, 2026

PUBLISHED

Description

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

SUSE-SU-2016:0117

vendor-advisory

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

APPLE-SA-2016-03-21-5

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

mailing-list

https://support.apple.com/HT206167

FEDORA-2016-4556904561

vendor-advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.openssh.com/txt/release-7.1p2

openSUSE-SU-2016:0128

vendor-advisory

vdb-entry

FEDORA-2016-2e89eba0c1

vendor-advisory

https://bto.bluecoat.com/security-advisory/sa109

vdb-entry

openSUSE-SU-2016:0127

vendor-advisory

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

[oss-security] 20160114 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

mailing-list

20160115 Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

mailing-list

SUSE-SU-2016:0119

vendor-advisory

http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

SUSE-SU-2016:0118

vendor-advisory

SUSE-SU-2016:0120

vendor-advisory

vendor-advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

vendor-advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.