DEBIAN-CVE-2016-3115

DEBIAN-CVE-2016-3115 PUBLISHED CVSS 6.400000095367432 MEDIUM

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

Risk Scores

CVSS v3.0

6.400000095367432

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:14	openssh	0, 0, 0
Debian:11	openssh	0, 0, 0
Debian:12	openssh	0, 0, 0
Debian:13	openssh	0, 0, 0

Timeline

Mar 22, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-3115 advisory

Open in Interactive Console →