Question 1

What is CVE-2016-0777?

Accepted Answer

CVE-2016-0777 is a medium-severity software vulnerability (Information disclosure) with a CVSS score of 6.5. The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated

Question 2

Is CVE-2016-0777 being actively exploited?

Accepted Answer

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 63%.

Question 3

What products does CVE-2016-0777 affect?

Accepted Answer

Tracked products affected include OpenSSH, Solaris. Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2016-0777?

Accepted Answer

Apply the vendor fix in your normal patch cycle. Upgrade affected products to a fixed version.

CVE-2016-0777

Summary

Impact & exploitability

Affected products we track (2)

Recommendation

Additional information