Information disclosure in Apple Mac OS X
CVE-2016-0777
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated…
Vulnerability class: Information Disclosure
EPSS: 0.717 (98.8th percentile)
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Apple Mac OS X
- HP Remote Device Access Virtual Customer Access System
- OpenBSD OpenSSH — versions 5.0, 5.1, 5.2
- Oracle Linux — version 7
- Oracle Solaris — version 11.3
- Sophos Unified Threat Management — versions 110, 120, 220
- Sophos Unified Threat Management Software — versions 9.318, 9.353
Weakness classification (CWE)
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2016-0777?
- CVE-2016-0777 is a medium-severity vulnerability in Apple Mac OS X, classified under Information Disclosure. CVSS score: 6.5/10. Published 2016-01-14.
- How severe is CVE-2016-0777?
- Medium severity. CVSS v3 base score is 6.5 out of 10.
- Is CVE-2016-0777 known to be exploited?
- 48 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.