20 matches found
CVE-2023-48795
CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...
CVE-2016-7407
CVE-2016-7407 affects Dropbear SSH. The dropbearconvert tool allows arbitrary code execution via a crafted OpenSSH key file due to improper handling of ASN.1 OpenSSH keys in Dropbear before version 2016.74. The impact is remote code execution with the privileges of the dropbearconvert/dropped pro...
CVE-2021-36369
CVE-2021-36369 affects Dropbear up to version 2020.81. The issue stems from a non-RFC-compliant check of available authentication methods in the client-side SSH code, allowing an SSH server to influence the login process, bypassing security measures such as FIDO2 tokens or SSH-Askpass, and enabli...
CVE-2016-7406
Dropbear SSH before 2016.74 is vulnerable to a format-string vulnerability in the username or host arguments, enabling remote code execution. The CVE-2016-7406 entry describes this flaw and references that upgrades to version 2016.74 or later mitigate it. Connected sources also note related advis...
CVE-2020-36254
CVE-2020-36254 : In Dropbear, the SCP client (scp.c) before version 2020.79 mishandles the filename of “.” or an empty filename, related to CVE-2018-20685. Affected: Dropbear releases prior to 2020.79. Impact and exploit details are not provided beyond the filename handling issue in scp. Remediat...
CVE-2016-3116
Dropbear SSH CVE-2016-3116 is a CRLF injection vulnerability in Dropbear prior to 2016.72 that allows remote authenticated users to bypass targeted shell-command restrictions via crafted X11 forwarding data. The CNVD entry (CNVD-2016-01816) mirrors this, stating the vulnerability exists in Dropbe...
CVE-2017-9078
CVE-2017-9078 affects Dropbear server prior to 2017.75, where a post-authentication double-free during TCP listener cleanup (when -a is enabled) could allow root remote code execution. The connected sources document the vulnerability and its Fix: Dropbear updates to 2017.75+ (and related advisori...
CVE-2019-12953
The CVE-2019-12953 entry concerns Dropbear SSH prior to patched releases (2011.54–2018.76) and describes an information-disclosure via an inconsistent failure delay that may reveal valid usernames, a separate issue from CVE-2018-15599. Connected sources confirm affected software is Dropbear and i...
CVE-2018-15599
CVE-2018-15599 affects Dropbear up to version 2018.76, where recv_msg_userauth_request in svr-auth.c allows user enumeration because handling of SSH_MSG_USERAUTH fields varies with username validity. The NVD metrics show CVSS v3 base 5.3 (network, low complexity, no user interaction) and CVSS v2 ...
CVE-2017-9079
Dropbear before 2017.75 may allow local users to read files as root when ~/.ssh/authorized_keys contains a command= option. The root privilege is involved because authorized_keys is read with root privileges and symlinks are followed. The underlying issue is that Dropbear parsed authorized_keys a...
CVE-2016-7409
Dropbear SSH (dbclient and server) before 2016.74 is vulnerable when built with DEBUG_TRACE: local users can read process memory via the -v argument due to a failed remote ident. This CVE affects Dropbear versions prior to 2016.74; remediation is to upgrade to 2016.74 or newer. No exploit details...
CVE-2016-7408
CVE-2016-7408 affects the Dropbear SSH project, specifically the dbclient component. The vulnerability arises in Dropbear dbclient before 2016.74, where a crafted -m or -c argument allows remote attackers to execute arbitrary code. The issue is rated with high impact (CVE-2016-7408) and is discus...
CVE-2013-4421
CVE-2013-4421 affects Dropbear SSH Server prior to 2013.59, where the buf_decompress function in packet.c can be exploited by a compressed packet with large size to cause a denial of service via memory exhaustion. Public references describe the impact as memory consumption and note fixes in later...
CVE-2012-0920
Dropbear SSH Server 0.52–2012.54 is affected by a use-after-free (UAF) vulnerability when command restriction and public key authentication are enabled, exploitable by remote authenticated users via crafted command requests related to channels concurrency. Impact per sources includes arbitrary co...
CVE-2013-4434
Dropbear SSH Server before 2013.59 is affected by CVE-2013-4434: authentication error messages reveal valid usernames via different delay depending on account existence. Public docs confirm the issue and cite a patch release (2013.60) that fixes this and related CVE-2013-4421; openSUSE/Mandriva a...
CVE-2005-4178
CVE-2005-4178 refers to a buffer overflow in Dropbear SSH server prior to 0.47. The vulnerability arises from a memory allocation issue caused by an incorrect order of operations in an input handling path, allowing an authenticated user to execute arbitrary code on the server with the server user...
CVE-2017-2659
CVE-2017-2659 affects dropbear prior to 2013.59, where GSSAPI authentication failures are incorrectly counted toward the maximum password attempts when an invalid username is supplied. This leaks whether a username is valid or invalid during authentication, exposing a side channel that can aid cr...
CVE-2004-2486
The CVE-2004-2486 entry concerns Dropbear SSH Server before version 0.43, where the DSS verification code frees uninitialized variables. This memory handling issue could allow remote attackers to gain access. The available connected documents consistently identify the affected component (Dropbear...
CVE-2007-1099
Dropbear
CVE-2006-1206
CVE-2006-1206 affects Dropbear SSH server 0.47 and earlier. The issue allows remote attackers to cause a denial of service by exhausting connection slots (MAX_UNAUTH_CLIENTS = 30) with a high rate of connection attempts. Impact is partial availability. Documented in multiple sources (NVD SUSE OSV...