### [CVE-2016-0777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

### POC

#### Reference
- http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
- http://seclists.org/fulldisclosure/2016/Jan/44
- http://www.openwall.com/lists/oss-security/2016/01/14/7
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AgenticAI-LLM/Hackathon
- https://github.com/DevomB/SERP-DB
- https://github.com/ELHADANITAHA/OWASP-JSP-TP
- https://github.com/Jimi421/NakulaScan-2.0
- https://github.com/JustinZ/sshd
- https://github.com/Nihar2520/Cybersecurity-trainee-assignment-
- https://github.com/Paulineclv/Port-Scanner
- https://github.com/PsychoH4x0r/Unknown1337-Auto-Root-
- https://github.com/RajathHolla/puppet-ssh
- https://github.com/RedHatSatellite/satellite-host-cve
- https://github.com/WinstonN/fabric2
- https://github.com/akshayprasad/Linux_command_crash_course
- https://github.com/bigb0x/CVE-2024-6387
- https://github.com/bigb0x/OpenSSH-Scanner
- https://github.com/chuongvuvan/awesome-ssh
- https://github.com/cpcloudnl/ssh-config
- https://github.com/dblume/dotfiles
- https://github.com/devopstest6022/puppet-ssh
- https://github.com/dyuri/repassh
- https://github.com/edsonjt81/https-github.com-gotr00t0day-OpenSSH-Scanner
- https://github.com/eric-erki/awesome-ssh
- https://github.com/ghoneycutt/puppet-module-ssh
- https://github.com/hackingyseguridad/ssha
- https://github.com/jaymoulin/docker-sshtron
- https://github.com/jcdad3000/GameServer
- https://github.com/jcdad3000/gameserverB
- https://github.com/kdairatchi/crackscanner
- https://github.com/lycaleynes/NMAP-and-Wireshark
- https://github.com/lycaleynes/Nmap
- https://github.com/marcospedreiro/sshtron
- https://github.com/megabyte-b/Project-Ares
- https://github.com/micaelarg/vulnerability_scanner_public
- https://github.com/moul/awesome-ssh
- https://github.com/nishanb/insecure-app
- https://github.com/phx/cvescan
- https://github.com/project7io/nmap
- https://github.com/ritheesh0/SOC-Incident-Response-Lab
- https://github.com/ryanalieh/openSSH-scanner
- https://github.com/threepistons/puppet-module-ssh
- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough
- https://github.com/xasyhack/oscp2025
- https://github.com/xasyhack/oscp_cheat_sheet_2025
- https://github.com/zachlatta/sshtron