{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"OpenSSH vulnerabilities"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: PAN-SA-2016-0011","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-07-15T21:03:53.180Z","generator":{"date":"2026-07-15T21:03:53.180Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"PAN-SA-2016-0011","initial_release_date":"2016-07-12T17:30:00.000Z","revision_history":[{"number":"1","date":"2026-07-15T14:03:53.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"PAN-OS","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS<=7.0.9","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-735"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=7.0.10","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-447"}},{"category":"product_version_range","name":"vers:generic/PAN-OS<=7.1.2","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-738"}},{"category":"product_version_range","name":"vers:generic/PAN-OS>=7.1.3","product":{"name":"Palo Alto Networks PAN-OS","product_id":"PANW-PAN-OS-456"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2016-0777","product_status":{"fixed":["PANW-PAN-OS-447","PANW-PAN-OS-456"],"known_affected":["PANW-PAN-OS-735","PANW-PAN-OS-738"]},"notes":[{"category":"description","text":"The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key."}],"references":[{"category":"external","summary":"NVD - CVE-2016-0777","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0777"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0011","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0011"}],"threats":[{"category":"impact","description":"The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key."}]},{"cve":"CVE-2016-0778","product_status":{"fixed":["PANW-PAN-OS-447","PANW-PAN-OS-456"],"known_affected":["PANW-PAN-OS-735","PANW-PAN-OS-738"]},"notes":[{"category":"description","text":"The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings."}],"references":[{"category":"external","summary":"NVD - CVE-2016-0778","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0778"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2016-0011","url":"https://security.paloaltonetworks.com/PAN-SA-2016-0011"}],"threats":[{"category":"impact","description":"The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings."}]}]}