CVE-2016-1907

The sshpacketread_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

References

Affected packages

Git / github.com/openssh/openssh-portable

Affected ranges

Type: GIT
Repo: https://github.com/openssh/openssh-portable
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1dc8d93ce69d6565747eb44446ed117187621b26

Last affected

7de4b03a6e4071d454b72927ffaf52949fa34545

Last affected

9f82e5a9042f2d872e98f48a876fcab3e25dd9bb

Last affected

e91346dc2bbf460246df2ab591b7613908c1b0ad

Affected versions

Other

ABOUT_TO_ADD_INET_ATON

AFTER_FREEBSD_PAM_MERGE

AFTER_KRB5_GSSAPI_MERGE

BEFORE_FREEBSD_PAM_MERGE

BEFORE_KRB5_GSSAPI_MERGE

POST_KRB4_REMOVAL

PRE-REORDER

PRE_CYGWIN_MERGE

PRE_DAN_PATCH_MERGE

PRE_FIXPATHS_INTEGRATION

PRE_HPUX_INTEGRATION

PRE_IPV6

PRE_KRB4_REMOVAL

PRE_NEW_LOGIN_CODE

PRE_SW_KRBV

V_1_2PRE17

V_1_2_1_PRE18

V_1_2_1_PRE19

V_1_2_1_PRE20

V_1_2_1_PRE21

V_1_2_1_PRE22

V_1_2_1_PRE23

V_1_2_1_PRE24

V_1_2_1_PRE25

V_1_2_1_PRE26

V_1_2_1_PRE27

V_1_2_2

V_1_2_2_P1

V_1_2_2_PRE28

V_1_2_2_PRE29

V_1_2_3

V_1_2_3_PRE1

V_1_2_3_PRE2

V_1_2_3_PRE3

V_1_2_3_PRE4

V_1_2_3_PRE5

V_1_2_3_TEST1

V_1_2_3_TEST2

V_1_2_3_TEST3

V_1_2_PRE10

V_1_2_PRE11

V_1_2_PRE12

V_1_2_PRE13

V_1_2_PRE14

V_1_2_PRE15

V_1_2_PRE16

V_1_2_PRE4

V_1_2_PRE5

V_1_2_PRE6

V_1_2_PRE7

V_1_2_PRE8

V_1_2_PRE9

V_2_0_0_BETA1

V_2_0_0_BETA2

V_2_0_0_TEST1

V_2_1_0

V_2_1_0_P1

V_2_1_0_P2

V_2_1_0_P3

V_2_1_1_P1

V_2_1_1_P2

V_2_1_1_P3

V_2_1_1_P4

V_2_2_0_P1

V_2_3_0_P1

V_2_5_0_P1

V_2_5_1_P1

V_2_5_1_P2

V_2_5_2_P1

V_3_0_1_P1

V_3_0_P1

V_3_1_P1

V_3_2_2_P1

V_3_4_P1

V_3_6_1_P1

V_3_8_P1

V_3_9_P1

V_4_2_P1

V_5_0_P1

V_5_1_P1

V_5_2_P1

V_5_5_P1

V_5_7_P1

V_6_0_P1

V_6_1_P1

V_6_2_P1

V_6_5_P1

V_6_6_P1

V_6_8_P1

V_6_9_P1

V_7_0_P1