CVE-2016-10708

Published: Jan 21, 2018

Modified: Apr 29, 2026

PUBLISHED

Description

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.openssh.com/releasenotes.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20180423-0003/

x_refsource_CONFIRM

[debian-lts-announce] 20180126 [SECURITY] [DLA 1257-1] openssh security update

mailing-list

x_refsource_MLIST

https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737

x_refsource_MISC

USN-3809-1

vendor-advisory

x_refsource_UBUNTU

102780

vdb-entry

x_refsource_BID

[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update

mailing-list

x_refsource_MLIST

http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html

x_refsource_MISC

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

x_refsource_CONFIRM

https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS

x_refsource_CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-10708

Description

Affected Products

References