CVE-2016-1907

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Severity
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
openbsdopenssh
6.8
openbsdopenssh
6.8
openbsdopenssh
6.9
openbsdopenssh
6.9
openbsdopenssh
7.0
openbsdopenssh
7.0
openbsdopenssh
7.1
openbsdopenssh
7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bullseye (security)
1:8.4p1-5+deb11u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
jessie
not-affected
wheezy
not-affected
squeeze
not-affected
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
sid
1:9.9p1-3
fixed
trixie
1:9.9p1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
xenial
not-affected
wily
Fixed 1:6.9p1-2ubuntu0.2
released
vivid
not-affected
trusty
not-affected
precise
not-affected
References