CVE-2016-1907

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
openbsdopenssh
6.8
openbsdopenssh
6.8:p1
openbsdopenssh
6.9
openbsdopenssh
6.9:p1
openbsdopenssh
7.0
openbsdopenssh
7.0:p1
openbsdopenssh
7.1
openbsdopenssh
7.1:p1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bullseye (security)
1:8.4p1-5+deb11u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
jessie
not-affected
wheezy
not-affected
squeeze
not-affected
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
sid
1:9.9p1-3
fixed
trixie
1:9.9p1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
xenial
not-affected
wily
Fixed 1:6.9p1-2ubuntu0.2
released
vivid
not-affected
trusty
not-affected
precise
not-affected
References