---

CVE-2016-10012 - log back

CVE-2016-10012 created at 25 Sep 2019 19:31:40
Severity	+ Low
Remote	+ Remote
Type	+ Insufficient validation
Description	+ It was found that the shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimizing compilers. Additionally, this memory manager was incorrectly accessible when pre-authentication compression was disabled. This could potentially allow attacks against the privileged monitor process from the sandboxed privilege-separation process (a compromise of the latter would be required first).
References	+ https://www.openssh.com/txt/release-7.4 + http://seclists.org/oss-sec/2016/q4/705
Notes