CVE-2012-0920

2012-06-0522:55:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2012-0920

dropbear ssh server

vulnerability

command restriction

public key authentication

remote code execution

nvd

channels concurrency

9.3 High

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.8%

JSON

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to “channels concurrency.”

CPENameOperatorVersion
dropbear_ssh_project:dropbear_sshdropbear ssh project dropbear sshle2012.54
debian:debian_linuxdebian debian linuxeq7.0
debian:debian_linuxdebian debian linuxeq6.0

CPE	Name	Operator	Version
dropbear_ssh_project:dropbear_ssh	dropbear ssh project dropbear ssh	le	2012.54
debian:debian_linux	debian debian linux	eq	7.0
debian:debian_linux	debian debian linux	eq	6.0