CVE-2016-10011

MEDIUM

OpenSSH < 7.3 - Information Disclosure via authfile.c Buffer Handling

Title source: llm
STIX 2.1

Description

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

Scores

CVSS v3 6.2
EPSS 0.0110
EPSS Percentile 61.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-119 CWE-320
Status published
Products (1)
openbsd/openssh < 7.3
Published Jan 05, 2017
Tracked Since Feb 18, 2026