CVE-2016-10009

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10009
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10009.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10009
Downstream
Related
Published
2017-01-05T02:59:03Z
Modified
2025-10-21T12:33:52Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

References

Affected packages

Git / github.com/openbsd/src

Affected ranges

Type
GIT
Repo
https://github.com/openbsd/src
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9476ce1dd37d3c3218d5640b74c34c65e5f4efe5

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "54322556810749533856674203680550405300",
            "length": 5276.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "main",
            "file": "usr.bin/ssh/ssh-agent.c"
        },
        "source": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5",
        "id": "CVE-2016-10009-6e1bf1ba"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "184555741998832899293569114491144664366",
            "length": 1620.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "process_add_smartcard_key",
            "file": "usr.bin/ssh/ssh-agent.c"
        },
        "source": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5",
        "id": "CVE-2016-10009-9aede9cd"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "168430173209846986160139292021779653609",
            "length": 248.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "usage",
            "file": "usr.bin/ssh/ssh-agent.c"
        },
        "source": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5",
        "id": "CVE-2016-10009-a44430d9"
    },
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "142483365029668147691457446802921276205",
                "250659224063928617215793942078706547538",
                "186433263794914433655546570418640715506",
                "145956066483205540825210961224514516665",
                "205336514962396733962946238137086908057",
                "308294402119300721808387440053904700120",
                "229170636859438846261070092903996245548",
                "133605912153722405171070541258834829263",
                "298945563002082750975148888961149448936",
                "18223243453012819806615890197908838889",
                "92292952884314727365381090292952041489",
                "250294875155092404905750109346889395714",
                "303923036939542543422567147047301569345",
                "165459416023956927317086797988258544570",
                "194615421843460364635895814226128714084",
                "14464617986697886313054505967818965353",
                "123684310053238233503711894002495251236",
                "207909760781518401665282819603546709059",
                "78106355598291000459226506197302424160",
                "106275913102308758012226899301898271087",
                "242665360652111663045219209098025944356",
                "139797183103614261312021618757273732659",
                "182391827327216986141572706776590394273",
                "111044574282543119978158872884833335479",
                "288232552361581177306819966473921100645",
                "297550672717688535026537946978165800386",
                "107034572075901416288895530823586948123",
                "100003948836048931810044988847738001910",
                "106849634978805465190365600533325433236",
                "101233567377053187735520598652020051794",
                "335869512759701909861770044595716911071",
                "328237990972000635419229533316714104257",
                "259729757027794272826680827647026360446",
                "85755012820083792425085775497825793503",
                "124726711480376203878848898571313165213",
                "98474810828369877792745208280358344886",
                "98559506974840227351087186343261946048",
                "167843081860392035951525998529388116105",
                "268386579347951704159859878925413090012",
                "51528988384784010480338758662223195005",
                "169951084360471300534704882317258565364",
                "321537092709250968834794765376342790241",
                "300385835046007811152383045892687120525",
                "320862203674190077317850581735226510658",
                "51365043877139803052742965681721138317"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "usr.bin/ssh/ssh-agent.c"
        },
        "source": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5",
        "id": "CVE-2016-10009-cbeaedac"
    }
]

Git / github.com/openbsd/src

Affected ranges

Type
GIT
Repo
https://github.com/openssh/openssh-portable
Events
Introduced
0 Unknown introduced commit / All previous commits are affected