CVE-2016-1907

MEDIUM5.3EPSS 0.54%

Published: 1/19/2016Modified: 4/28/2026

Description

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

Affected packages (2)

Alpine/opensshfrom 0, < 6.8_p1-r10
Debian/opensshfrom 0, < 1:7.1p2-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-1907
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-1907