CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:netapp:vasa_provider:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

History

07 Nov 2023, 02:29

Type Values Removed Values Added
References
  • {'url': 'https://support.f5.com/csp/article/K32485746?utm_source=f5support&utm_medium=RSS', 'name': 'https://support.f5.com/csp/article/K32485746?utm_source=f5support&utm_medium=RSS', 'tags': [], 'refsource': 'CONFIRM'}
  • () https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSSĀ -

Information

Published : 2018-01-21 22:29

Updated : 2024-02-28 16:25


NVD link : CVE-2016-10708

Mitre link : CVE-2016-10708

CVE.ORG link : CVE-2016-10708


JSON object : View

Products Affected

netapp

  • cloud_backup
  • data_ontap_edge
  • oncommand_unified_manager
  • service_processor
  • vasa_provider
  • storagegrid_webscale
  • clustered_data_ontap
  • data_ontap
  • storagegrid

canonical

  • ubuntu_linux

debian

  • debian_linux

openbsd

  • openssh
CWE
CWE-476

NULL Pointer Dereference