{"id":"CVE-2016-10012","details":"The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.","modified":"2026-05-18T10:51:56.261156Z","published":"2017-01-05T02:59:03.150Z","related":["SUSE-SU-2017:0264-1","SUSE-SU-2018:2275-1","SUSE-SU-2018:2685-1","SUSE-SU-2018:2719-1","SUSE-SU-2018:3540-1","openSUSE-SU-2024:11124-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/94975"},{"type":"WEB","url":"http://www.securitytracker.com/id/1037490"},{"type":"WEB","url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"},{"type":"WEB","url":"https://support.f5.com/csp/article/K62201745?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"WEB","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us"},{"type":"WEB","url":"https://www.openssh.com/txt/release-7.4"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/19/2"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2029"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20171130-0002/"},{"type":"FIX","url":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openbsd/src","events":[{"introduced":"0"},{"fixed":"3095060f479b86288e31c79ecbc5131a66bcd2f9"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"vanir_signatures":[{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":123,"function_hash":"19787566776859132339991430245715243529"},"signature_type":"Function","id":"CVE-2016-10012-001c9055","target":{"function":"monitor_sync","file":"usr.bin/ssh/monitor.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":88,"function_hash":"90801207487276525734065037479708452653"},"signature_type":"Function","id":"CVE-2016-10012-08d3f4e8","target":{"function":"mm_zfree","file":"usr.bin/ssh/monitor.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["210663824695732405009787170993220330768","131923883707859007069318152214061950633","248256768875892485020379831258228006440","278978553488619433519365408273327935868","83830881015221574078199502049789987744","59067662578575342300550998967926180442","160347824006601431198195086159407508021","260831324081188375516912734093043204465","244203710044949689788164277955328000092","200262822262238466573582118410855456965","209456196847119051134409517161655404586","313813357271657099160056567433191859612","187916214999478073539989978306655134789","90388542045144516664315375112414244985","185666866406767800010575433351068416734","141980426676747439272054591719800197094","66097518021236857052745960650911103909","248999025047495188782439180787481603748"]},"signature_type":"Line","id":"CVE-2016-10012-09f0bf28","target":{"file":"usr.bin/ssh/monitor.h"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":1770,"function_hash":"156032556569585944961956651245480097771"},"signature_type":"Function","id":"CVE-2016-10012-12c39060","target":{"function":"mm_free","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":718,"function_hash":"250893097395263051801690716551466342312"},"signature_type":"Function","id":"CVE-2016-10012-13610d36","target":{"function":"ssh_packet_get_compress_state","file":"usr.bin/ssh/packet.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":223,"function_hash":"160209238553303984065157617046731194775"},"signature_type":"Function","id":"CVE-2016-10012-1d4189e6","target":{"function":"mm_xmalloc","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":1827,"function_hash":"26900351392457672156505363922011835335"},"signature_type":"Function","id":"CVE-2016-10012-20eb7f0e","target":{"function":"newkeys_from_blob","file":"usr.bin/ssh/packet.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":1437,"function_hash":"329038996910479948833693767445273020725"},"signature_type":"Function","id":"CVE-2016-10012-217f75aa","target":{"function":"privsep_preauth","file":"usr.bin/ssh/sshd.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["209451810706483925123076352780022137767","173646752516420491291029161401902948732","295588719298582786857702145149080797548"]},"signature_type":"Line","id":"CVE-2016-10012-356ed12a","target":{"file":"usr.bin/ssh/monitor_wrap.h"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["72270489124686434271344040441312167916","164712019049199241564443666496280656280","219446633857847363439587977755968608982","210471328888853530424054097220368889824","92835100408840769989567474013344874725","228569586846851071359217170082450743945","260892429226444181129099585789786716508","164084719166714913424321823462944444987"]},"signature_type":"Line","id":"CVE-2016-10012-3ec0f1c4","target":{"file":"usr.bin/ssh/packet.h"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":916,"function_hash":"46237811697061394590864271323261521250"},"signature_type":"Function","id":"CVE-2016-10012-434e434f","target":{"function":"ssh_packet_set_compress_state","file":"usr.bin/ssh/packet.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":1409,"function_hash":"272306317782060553726015630961483861506"},"signature_type":"Function","id":"CVE-2016-10012-56054484","target":{"function":"newkeys_to_blob","file":"usr.bin/ssh/packet.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":677,"function_hash":"104546991621467427731671732706859827534"},"signature_type":"Function","id":"CVE-2016-10012-60007579","target":{"function":"mm_share_sync","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":1160,"function_hash":"249443045318559962764230554948501977559"},"signature_type":"Function","id":"CVE-2016-10012-65152343","target":{"function":"monitor_apply_keystate","file":"usr.bin/ssh/monitor.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":2504,"function_hash":"106635314106944530159533297305321971068"},"signature_type":"Function","id":"CVE-2016-10012-6a539019","target":{"function":"ssh_kex2","file":"usr.bin/ssh/sshconnect2.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":575,"function_hash":"316680368581244064091229354052498839869"},"signature_type":"Function","id":"CVE-2016-10012-6b696f15","target":{"function":"mm_create","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["122856676980976408424956964731862508850","128295707992072665494573098803873759761","72564454213270923999408279696732087529","195443014004423360845856857472195360348","83644932237561296055651810039147512857","263210187927065494295423637643784297456","339930767030533666388382333968091840577","214315649628028929949495892816010531205","279644063404218081782621182839301117852","220954563115370276128121767233303817717","241335417638123918943255595442341976257","289712629190601945530436535812299606867","333011963945759155881318087667118131233","331556229245533723715352540913822341705","112893154947251945075905108098351163071","191153787513746364161789858252043315542","240264651513735531774355371444590553926","12114111358982613198494231864876278651","272689044061720884711826131551796296719","232657438329826002284404454988965095974","191823817534510719217670775989773320290","315871554362013006023994337370986983276","41387834141129589576652237776877969456","32286226364090941881862840375249477423","334233043126934271343396274085839720454","263544837507016274070789912062619873101","165382104637652906717387323616065956917","157288773634793841910383348832099868119","226041996026605443329273872393094948455","274472857208587773383311769879231147328","28131575656176406033220924014495314298","85374374505020638473923090678424342606","246242179112502678482933099113941584192","269506329538030034720386228241048206075","85927934065903109214245663807933513592","146693961540079653288257606688806673651","250304576376539671421255178137995355488","263844091198242911383316063140905902992","283779075790461296793590910433765163406","80655824650650264749574092700244316280","26238246173057955926351843268943120016","303598601581557108357487019854162424131","325637769873634530770683872065520974050","14879758159781632350693082608398188232","323808325280928062983846366186813379413","261003325535945362647030422354359136203","327728822210091286230181361977327795188","101999294789646414946615597602689643057","253060923820685189213561609805596732674","124010546680767315057030104696598458296","99668910188428157552570553466422678139","81701920503308902178542000332312423038","135513252191420211596786659141698614260","78876677757065317524788748034288696898","152282936297490701707729350254426911744","5932765668507132482738376931753387955","240016817561748287304659915441324904817","304809483825467235497646781609590733724","34488557024138062785788486103564500162","48312124740677156793424335383573954477","291100346817855682180883747648220545489","35564169709997042436198445402824146888","79188186087578341895887859933429290074","242464462828761374843188474584851013381","125143830845699661547196808440042430813","148099792614712262947486368291866177380","36279310332186513582949802920585397508","78348709716469295079573679368862080377","271181469851931516823687991610122414670","77879763244557440085966456309023689564","217119672091171133743788056839824140026","303049336910998942830413847420172843040","222695948084434719440282682300746172936","99903079036274322401962245393286378308","132294779308958246537472788455059502432","156065307833501751320995293664207382216","36478149867440104626899657085702494116","53843353034866881317518721750342981001","139578100081434036501833703880406399367","143527749757330312445480730981972518011","78311686762071184318045807875999048102","277387078571845347093842289679338786580","43371938102833508174779797493120991808","327046487875099095214489830347235938972","301266178941719795047965715889233848460","217636989196465676401656459347494946562","278712453340100995898320279337330412616","253745678975394514483185880747228378188","237438165772576426192135221769720432647","299642801405196967729448864412979512342","120662476759394751191561446823969425688","61343457709908027930580307375526907379","331487221248544459477380676289572348352","39804341976494786648540033509134364549","92267633256983909556009884489891557038","257055888260916517093205899279646656258","188190882127549673409245368050311123111","231820281142152382959707825369247732634","139505391296590887566703475327864701287","326370931844496052237788674001473085412","47718240563260091640073022134983494229","199486282235649587371283077904750008161","285871325508566753205167182793237702748","29541932504957908734051369058691854715","246652374304208648619030912844877940942","48881585763834642283967375582558445242","256537352478158462700290577461539625180","276452362440722537199922544668719504181","13174985231787553979840573905256500891","283146782466961824480489778802744001033","100602269509913847191726124997820537648","297223825460626273989864382940870484680","154244910577547316508933757494920665236","80156650189121985715115226226414256438","72481802703421426935219182324601337146","329755855947015914506172620607065433575","335233406436387690034264223037723331873","218592540331340363946450314786762600132","233814729432161625646516193591196065044","62338726793706410244514819351645520416","32227101514959998380009704634626626737","282557801097324813343026063241855790626","6220301468728500469951651435803783294","103242886713438227534664660316919167901","334652481819788292658790530849085690167","10798437053791524609595529173185243723","14795794865504517845384241980232820981","170088767652609176660018003855410156593","338735266460269946123428905887703325194","133209501343814692715922467603336089894","97161441787587296830334851673949570685","80374424132170935727223087161901099701","81179516401604009566410976686673838578","284446223073796630334135054385749737739","189819246312322799004349398443511685453","160618048405279263023845719816935756036","208386844055110233146841876440637095094","159785176904013660794374575790825387623","174453310315703005831696535533781945415","175462200484287459005606265657470644947","260399957981404962201281412371512586495","49717353940888781049601637065922640946","228339319053341116981072853193507213169","276916768865465128682287476351420705216","9915156647542119270902429371751558846","247956564742787284180074271760304807431","140735860506145843607721211419852241190","64628974260509195086858142239913491633","187845782824813510348780595294510339247","236174194371530055960679531368026961381","277390915462463011705488965065160076477","145847173806450146869890166557152762667","118850800751058919465563078117092989683","5980139102587238460745042763729669170","292188528419710832331162739598427650168","209808224061200306548471456749510389663","207988502764611609058440012923258856277","109098873996882001770807686747938494864","90949869279553983342089309229611928894","282733431857830592606112009032670647978","62338726793706410244514819351645520416","32227101514959998380009704634626626737","241097835091849270341994657967248118381","78627876126918168706081714258253362931","247888443061620191625956826027051656974","198908811866003059146918893445715645536","192692348998668652316894662858637136960","137211063495506013958047814528353595872","153269949145405601132608314605158874314","162530070280180127463242845038782965355","689354439468674175164545926302755444","287709955861811451488383961512756291844","85230176920678029553467776373170829035","249418337739094739933157947246863708550","35561865123162627880170679372470666107","88700674127439759971255607754800516546","291397205256075859638571661779165582934","282733431857830592606112009032670647978","62338726793706410244514819351645520416","32227101514959998380009704634626626737","282557801097324813343026063241855790626","75101426616157756925784958780712819009","147098392619975674077110303367705997647","34944512704048498691659231925565987528","218380405530799655154925890736800637119","160137693977370983407790266337298718332","107605779723451821176855495144019779924","52114181316810222925241206530857312267","183311193068274612035985493064956825547","131429638264561078640461726014585404106","179651783216748154511091685229695980603","285936762254008106662870717876862416049","325308790647618885136322676114882335143","280819107548925187010013350603487073987","337998156818223331293498639552266621371","39344607289453593932644834576070019258","292010485889647051403843866142075314789","183015146619337762470793318974942355777","121331621389426077908739406850787850438","228304581080596252055072816363727966031","158083592709055073463676176891922784151","75109127791691517015134664837120638204","313922492728678128533438612509211548635","36512766701479851111941957466305022777","84081830103800417782324394097059834394","129092786736962865734652749089730571384","144213959000662799820978443696292948348","299110158010233904244764870325043977069","22194103107667761873806622761901926347","41562943475123464177602565764725166050","12460182600204688463398993278029757249","87036424147301868675451984039744685424","228775268230283374115845544290551159223","292533497969815865453942555033582041087","68474371586521926763696761493994784288","294129378299107537897829390053082252081","310577699592680439776894836648927568807","103512142427241795495210161804490355550","91351776161672322142629610064790592576","145085886475436881790917410541690674907","247331163348055584525403134178051293364","124530104047553519090620627364442503153","165428008594127869450507685485965204339","272726004162998857845111767377164446896","240552092329220528595152252137717837416","183591500917955691208113407651652086449","152675205316707170869681597126752129033","139590536983607535670362498962084999820","190356060614235868593795894228895016754","283588407336890141910180502313656013061","31643165455106150931481015960304079935","155913770569209398016800468142400945237"]},"signature_type":"Line","id":"CVE-2016-10012-70303ae4","target":{"file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":2737,"function_hash":"210944744612879901678697589430312613747"},"signature_type":"Function","id":"CVE-2016-10012-75699d87","target":{"function":"ssh_packet_set_state","file":"usr.bin/ssh/packet.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["63492905125214842608939466150681956722","303457288269239976503303291350991022608","220500310924542529933825098441816424411","262889697851094745457653754422388763509","204755359977580826643464036678535252550","3696332579255615039295458876254573047","167279510354656515250570039284745830919","332157773651874815034395875159202401828","150259037883857160451156642506206185603","96713120004196259344766881754720509439","138859091979176992335298813453904488207","206350175891727164663845052080816561143","258514388112951753179706811122936615338","44824728558079070372732414861558790853","74253349949570483966135243058156573244","290435452869124752252163783394762179348","107137487283796432787624853631494770946","306645639194819781383178834666345510232","203108466953926250699578499814508148518"]},"signature_type":"Line","id":"CVE-2016-10012-76e73129","target":{"file":"usr.bin/ssh/monitor_mm.h"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":286,"function_hash":"136355385081291693145510567919037538489"},"signature_type":"Function","id":"CVE-2016-10012-7739d908","target":{"function":"mm_freelist","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":243,"function_hash":"229532435576041944149746661864637438847"},"signature_type":"Function","id":"CVE-2016-10012-83b2af4b","target":{"function":"mm_zalloc","file":"usr.bin/ssh/monitor.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":403,"function_hash":"259508329969652734438951460022663670403"},"signature_type":"Function","id":"CVE-2016-10012-83f721b3","target":{"function":"mm_sync_list","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":466,"function_hash":"195462006080202151058855718770221565336"},"signature_type":"Function","id":"CVE-2016-10012-8720ccdf","target":{"function":"mm_make_entry","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":2297,"function_hash":"81775569718651114159932179198964929502"},"signature_type":"Function","id":"CVE-2016-10012-88cc77be","target":{"function":"ssh_packet_get_state","file":"usr.bin/ssh/packet.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":221,"function_hash":"315260476124015613274372720123591373424"},"signature_type":"Function","id":"CVE-2016-10012-9182a636","target":{"function":"mm_compare","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":439,"function_hash":"198294431086706618345545593186475453841"},"signature_type":"Function","id":"CVE-2016-10012-9408745e","target":{"function":"ssh_packet_set_postauth","file":"usr.bin/ssh/packet.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":825,"function_hash":"246209802436221073198716231149832003203"},"signature_type":"Function","id":"CVE-2016-10012-95c1ceea","target":{"function":"mm_malloc","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["3986170157780633146287177060325405176","187624496258067050862774839314093433352","316415727010510151687753022043434242530","331997194013251268951741612494512039149","295056825492907322699493193767471462320","336641971228234674741868083118017933896","164754079993511519197829221398822291711","179701342426907882754140188257731132573","150006045386931901310927972159324622501","338426699733213553798827196343562358409","1762646452618043756514448788437833190","306692005479404984688572952599426701839","99692467200911862729248046867208997080","207209801564573091761753768196609413121","150687106720659371072722987550023466071","76076356564270635332405916542065730345","131979086482335549434949516648219238488","207142018419887925739066689443977825599","111552626105798202458961262597803143068","160546360559617013489448587740751100338","337118175608375196686494435138232661773","146920649869898202824773256261867748499","231061182168598107383092304431822124289","262883024737513570660732436621760631002","232932448284075575809401862523670345630","267716307335931762555575902037833123707","262124495365828041439714542187333862447","287707771089767289478499038591535156472","131442726020275025774213511638480926931","60932045922852122525869783934935242726","287441932675906950333481545112865125066","322356807734073288922197543117604436881","200588691070969112306725761023026297767","246104201323833180279517260801945501505","107100002992705682611555433590773244477","130035229753022852783674436005766581023","61295570989420836931414909950897984522","102083362914256065279799401006600011037","236138393353480041868499478596582702658","33242094315786949895757405104131928434","5096708862856463209482305577579751852","3039962433928799474983801832967425138","47313974499880062474022931973405937786","98128731884849752631245529941474463144","317641173106247974552240571249216546353","58330597010384730622081125167327872377","129852330851384231507046028812760153254","153883400399685322238190149939468114963","339945023926096851940630892829080562267"]},"signature_type":"Line","id":"CVE-2016-10012-a2e93bfe","target":{"file":"usr.bin/ssh/monitor.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["92339758944832384808067347777183331991","110554480695331875695893112004790728270","185418997753367927124341716856265722168","26399897753617695527062504331546154696","263911993232088682737495964097403875986"]},"signature_type":"Line","id":"CVE-2016-10012-a68ca0fd","target":{"file":"usr.bin/ssh/opacket.h"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":376,"function_hash":"246509042095193704228224784556387616188"},"signature_type":"Function","id":"CVE-2016-10012-bc34c5b6","target":{"function":"mm_memvalid","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":539,"function_hash":"117573989832639018608632524027446033420"},"signature_type":"Function","id":"CVE-2016-10012-bcb80e82","target":{"function":"ssh_packet_set_compress_hooks","file":"usr.bin/ssh/packet.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["266437800545856623868144125685992266092","296943845394337765377655489593586717015","115789991485917586942696591212709301953","140643594413382386362748270808850267360","187950367611967818477315478405027220304"]},"signature_type":"Line","id":"CVE-2016-10012-bcc778ab","target":{"file":"usr.bin/ssh/sshconnect2.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["218961667702528926835813411290385481184","51425725792018334807628920794857199485","309976280530353599596397211799258248434","241196052003048191641638600149112455434","46534413873132024851020703345985457284","174308340565503404237424035362680394493","83159635653473313002661866900522252049","69184178380021486790300220686961765998","233743965036369128317817165665540091817","267705615647429415990411469489144590388","196227761605974691260273874494759609294","234845329043830617810963558563105360764","128279137506178004846538063735022881136","22849819714823334927726466767796822681","256216845447239437823425121638398212174","8555205237531010168854672957422629805"]},"signature_type":"Line","id":"CVE-2016-10012-cf78995e","target":{"file":"usr.bin/ssh/sshd.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":398,"function_hash":"291452227881078510652708033206275168331"},"signature_type":"Function","id":"CVE-2016-10012-d3ea5214","target":{"function":"mm_destroy","file":"usr.bin/ssh/monitor_mm.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":2090,"function_hash":"137287921537717462901428611168732027204"},"signature_type":"Function","id":"CVE-2016-10012-e44f167a","target":{"function":"do_ssh2_kex","file":"usr.bin/ssh/sshd.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["132514522100893584763400938428632138795","93662261141235397336793541586627527916","196916878226047626840262186601989088487","105500930847095934221890730713633737276","291262967225278895935474248793855447644","149282259997749776603589546963597350643","244148465990270825591969349022037813959","316752005384031523944160980769808918032","59754710783195729278712193842484175160","307438015958756101804438404212133321386","299981423065389235233039412922326415227","106588279553277478005076151562138795421","62957466730377894729809379719991855051","249721311281187348334914941588936748881","33286524880571923076807810779075878897","12548829993946160467465523141297196722","192157690076187799725590018047411081188","134910782362294600097867853786878518964","333489371439596654919427715214349045989","298667925634053797005944253072004431411","274436105781662779899569146025950414722","61560376861704294010621130929113160980","92306284121362144103504934037826544587","187175669287800598351987378400398176879","234558322471998626107782005288018330652","236615512086588248759269071540002846108","292052418515377198071858651205040074421","224203401537799596673520816240152705342","126923768880133180376075083202094387240","107777194632229031700290777740108741524","24644998821322157263348701506318346161","272343673696345875745208406483364913453","289071825043362528504440812834360015339","306055952813570507642149304157622866501","251136277414396614366216295311352561252","212169158983711661889928013669297270249","148655032458380666575261534300092195926","218078603158714494690498309808603285651","321095670099238113783872891245324812473","107198883614168869265021609108121983046","293347752037551389426286797574054143412","243288520318374227917821838258587641215","154250160204536813558157417107921782160","187953564666435103742803642188759370736","95926324395984616336487035123925778219","262611050556627696158889730188105658675","90889799032949993479553183946781530427","103300905589160828835521473906351557602","38947032563543376567330637427671724907","31048029766960100490575131218707526111","257674264672604951741864148244088282338","256954637326451050486093507547854792344","131538305543282412779367733758589460292","83572129168252630668302932092256547832","98800943116185676837074559196553650043","121233626524746529584085239191802567696","97221763119094124604216292152028242379","199828009662299637047759370313797578415","219753898558153601221174380254562661443","215154324758628038704504206925257878793","166430857464868330395218017034935656567","236615512086588248759269071540002846108","257111449402475086363320868135165365045","236273540881882814924477883530637657157","223195126194175232127848382182876477216","194221482132193675164423163887569393248","333469070079318375313189279144985336509","148179394390046042332063154428011634973","232850665898145791467070747834989319539","90715865283791057194956211762469850434","236820056086515963114034914788479170017","42104955608913068812534096028522759651","299171408551220353178217821782692388234","146719500385401035061479269121859741983","266541490146137226485078496488449929220","28201395348394568675930617937393320163","164027078768143438131341979088594905071","201297370799471475981152323435994057616","96437864412034116580544932188551827723","223241258159697860559492224930193312138","147339089773629133313140557153950861267","82125812610822070783585544032912682949","95186829943318240304111260014742662375","187995248669840948285463978243901836000","236563620102745984396007799148183913117","158998405628755166574905812037622198018","214621693679919327172442784533698668457","106814406066769379336800210764736545674","35126189411803143624821148908679245383","311143001652242987264750261196904778531","183386639387309647348491114143838131429","200540865117416994665477036662483300067","40871188566960555797534865343993917120","13458806003631525821061644421900999494","60946534108621062980334698566831484457","239120391906639848946487653621772580923","292849405841636689844029437609060663719","107223988011998006854246982365376709755","327543897574958096234664736239498303279","181793466963432517568718111898041014637","251757646332102516841809413892451146616","310790218446200747882084467246607711264","115892454165190277800564566547489712554","182092513320582408817261263591159565991","145029810110518200812601557034834754451","299482943012964829090500887518256277715","121667734468993890811943963222673582822","338080704945997851538520892700355057520","190415711471846445228726202833970116141","318980703340524144476537362837510090987","17717298681165406196417530118235905925"]},"signature_type":"Line","id":"CVE-2016-10012-efd14493","target":{"file":"usr.bin/ssh/packet.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"length":380,"function_hash":"4371933995261020600055081764658050858"},"signature_type":"Function","id":"CVE-2016-10012-fb5c76e9","target":{"function":"monitor_init","file":"usr.bin/ssh/monitor.c"},"deprecated":false},{"source":"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["289569439024556482632125853915824455640","227660325657379043194812643554878727708","73192458112782044814028316681044393308","236246442815902649393838961252303663418","250694125307985696215227512243518615567"]},"signature_type":"Line","id":"CVE-2016-10012-fee9c8af","target":{"file":"usr.bin/ssh/servconf.c"},"deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10012.json","vanir_signatures_modified":"2026-05-18T10:51:56Z"}},{"ranges":[{"type":"GIT","repo":"https://github.com/openssh/openssh-portable","events":[{"introduced":"0"},{"last_affected":"99522ba7ec6963a05c04a156bf20e3ba3605987c"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"7.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*"}}],"versions":["V_7_3_P1","V_7_2_P1","V_7_1_P1","V_7_0_P1","V_6_9_P1","V_6_8_P1","V_6_6_P1","V_6_5_P1","V_6_2_P1","V_6_1_P1","V_6_0_P1","V_5_7_P1","V_5_5_P1","V_5_2_P1","V_5_1_P1","V_5_0_P1","V_4_2_P1","V_3_9_P1","V_3_8_P1","AFTER_KRB5_GSSAPI_MERGE","BEFORE_KRB5_GSSAPI_MERGE","POST_KRB4_REMOVAL","PRE_KRB4_REMOVAL","AFTER_FREEBSD_PAM_MERGE","BEFORE_FREEBSD_PAM_MERGE","V_3_6_1_P1","V_3_4_P1","V_3_2_2_P1","PRE_SW_KRBV","V_3_1_P1","V_3_0_1_P1","V_3_0_P1","V_2_5_2_P1","V_2_5_1_P2","V_2_5_1_P1","V_2_5_0_P1","PRE-REORDER","V_2_3_0_P1","PRE_CYGWIN_MERGE","V_2_2_0_P1","V_2_1_1_P4","V_2_1_1_P3","ABOUT_TO_ADD_INET_ATON","V_2_1_1_P2","V_2_1_1_P1","PRE_NEW_LOGIN_CODE","V_2_1_0_P3","V_2_1_0_P2","V_2_1_0_P1","V_2_1_0","V_2_0_0_BETA2","V_2_0_0_BETA1","V_2_0_0_TEST1","V_1_2_3_TEST3","V_1_2_3_TEST2","V_1_2_3_TEST1","V_1_2_3","V_1_2_3_PRE5","V_1_2_3_PRE4","V_1_2_3_PRE3","V_1_2_3_PRE2","V_1_2_3_PRE1","V_1_2_2_P1","V_1_2_2","V_1_2_2_PRE29","V_1_2_2_PRE28","V_1_2_1_PRE27","V_1_2_1_PRE26","PRE_IPV6","V_1_2_1_PRE25","V_1_2_1_PRE24","V_1_2_1_PRE23","V_1_2_1_PRE22","PRE_FIXPATHS_INTEGRATION","V_1_2_1_PRE21","V_1_2_1_PRE20","V_1_2_1_PRE19","PRE_HPUX_INTEGRATION","V_1_2_1_PRE18","V_1_2PRE17","V_1_2_PRE16","V_1_2_PRE15","V_1_2_PRE14","V_1_2_PRE13","V_1_2_PRE12","V_1_2_PRE11","V_1_2_PRE10","V_1_2_PRE9","V_1_2_PRE8","V_1_2_PRE7","V_1_2_PRE6","V_1_2_PRE5","V_1_2_PRE4","PRE_DAN_PATCH_MERGE"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10012.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}