CVE-2016-3115

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2016-3115 DLA-1500-1 MGASA-2016-0108 RHSA-2016:0465 RHSA-2016:0466 SUSE-SU-2016:1386-1

Modified

Published: 22 Mar 2016, 10:00

Last modified:29 May 2026, 20:27

Vulnerability Summary

Overall Risk (default)

medium

46/100

CVSS Score

6.4 MEDIUM

v3.1 (nvd)

EPSS Score

50.37% CRITICAL

50% probability +6.38%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

22 Mar 2016, 10:00

Published

Vulnerability first disclosed

29 May 2026, 20:27

Last Modified

Vulnerability information updated

Description

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

CVSS Metrics

v3.1•MEDIUM•Score: 6.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
v3.0•MEDIUM•Score: 6.4CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
v2.0•MEDIUM•Score: 5.5AV:N/AC:L/Au:S/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 50.37%• Percentile: 98%

Techniques & Countermeasures

CWE-93•Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

Affected Systems

openbsd•openssh
≤ 7.2
oracle•vm_server
3.2