Lucene search
K
Dropbear Ssh ProjectDropbear Ssh

20 matches found

CVE
CVE
added 2023/12/18 12:0 a.m.4926 views

CVE-2023-48795

CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...

5.9CVSS6.7AI score0.93305EPSS
CVE
CVE
added 2017/03/03 4:0 p.m.580 views

CVE-2016-7407

CVE-2016-7407 affects Dropbear SSH. The dropbearconvert tool allows arbitrary code execution via a crafted OpenSSH key file due to improper handling of ASN.1 OpenSSH keys in Dropbear before version 2016.74. The impact is remote code execution with the privileges of the dropbearconvert/dropped pro...

10CVSS9.4AI score0.05542EPSS
CVE
CVE
added 2022/10/12 12:0 a.m.458 views

CVE-2021-36369

CVE-2021-36369 affects Dropbear up to version 2020.81. The issue stems from a non-RFC-compliant check of available authentication methods in the client-side SSH code, allowing an SSH server to influence the login process, bypassing security measures such as FIDO2 tokens or SSH-Askpass, and enabli...

7.5CVSS7.4AI score0.01348EPSS
CVE
CVE
added 2017/03/03 4:0 p.m.407 views

CVE-2016-7406

Dropbear SSH before 2016.74 is vulnerable to a format-string vulnerability in the username or host arguments, enabling remote code execution. The CVE-2016-7406 entry describes this flaw and references that upgrades to version 2016.74 or later mitigate it. Connected sources also note related advis...

10CVSS9.6AI score0.10494EPSS
CVE
CVE
added 2021/02/25 8:29 a.m.381 views

CVE-2020-36254

CVE-2020-36254 : In Dropbear, the SCP client (scp.c) before version 2020.79 mishandles the filename of “.” or an empty filename, related to CVE-2018-20685. Affected: Dropbear releases prior to 2020.79. Impact and exploit details are not provided beyond the filename handling issue in scp. Remediat...

8.1CVSS6.3AI score0.01554EPSS
CVE
CVE
added 2016/03/22 10:0 a.m.342 views

CVE-2016-3116

Dropbear SSH CVE-2016-3116 is a CRLF injection vulnerability in Dropbear prior to 2016.72 that allows remote authenticated users to bypass targeted shell-command restrictions via crafted X11 forwarding data. The CNVD entry (CNVD-2016-01816) mirrors this, stating the vulnerability exists in Dropbe...

6.4CVSS5.9AI score0.19302EPSS
CVE
CVE
added 2017/05/19 2:0 p.m.330 views

CVE-2017-9078

CVE-2017-9078 affects Dropbear server prior to 2017.75, where a post-authentication double-free during TCP listener cleanup (when -a is enabled) could allow root remote code execution. The connected sources document the vulnerability and its Fix: Dropbear updates to 2017.75+ (and related advisori...

8.8CVSS8.6AI score0.05142EPSS
CVE
CVE
added 2020/12/30 7:33 p.m.293 views

CVE-2019-12953

The CVE-2019-12953 entry concerns Dropbear SSH prior to patched releases (2011.54–2018.76) and describes an information-disclosure via an inconsistent failure delay that may reveal valid usernames, a separate issue from CVE-2018-15599. Connected sources confirm affected software is Dropbear and i...

5.3CVSS5AI score0.01179EPSS
CVE
CVE
added 2018/08/21 1:0 a.m.272 views

CVE-2018-15599

CVE-2018-15599 affects Dropbear up to version 2018.76, where recv_msg_userauth_request in svr-auth.c allows user enumeration because handling of SSH_MSG_USERAUTH fields varies with username validity. The NVD metrics show CVSS v3 base 5.3 (network, low complexity, no user interaction) and CVSS v2 ...

5.3CVSS5.8AI score0.02709EPSS
CVE
CVE
added 2017/05/19 2:0 p.m.201 views

CVE-2017-9079

Dropbear before 2017.75 may allow local users to read files as root when ~/.ssh/authorized_keys contains a command= option. The root privilege is involved because authorized_keys is read with root privileges and symlinks are followed. The underlying issue is that Dropbear parsed authorized_keys a...

4.7CVSS5.6AI score0.00297EPSS
CVE
CVE
added 2017/03/03 4:0 p.m.183 views

CVE-2016-7409

Dropbear SSH (dbclient and server) before 2016.74 is vulnerable when built with DEBUG_TRACE: local users can read process memory via the -v argument due to a failed remote ident. This CVE affects Dropbear versions prior to 2016.74; remediation is to upgrade to 2016.74 or newer. No exploit details...

5.5CVSS6.7AI score0.00452EPSS
CVE
CVE
added 2017/03/03 4:0 p.m.173 views

CVE-2016-7408

CVE-2016-7408 affects the Dropbear SSH project, specifically the dbclient component. The vulnerability arises in Dropbear dbclient before 2016.74, where a crafted -m or -c argument allows remote attackers to execute arbitrary code. The issue is rated with high impact (CVE-2016-7408) and is discus...

8.8CVSS9.2AI score0.03967EPSS
CVE
CVE
added 2013/10/25 11:0 p.m.164 views

CVE-2013-4421

CVE-2013-4421 affects Dropbear SSH Server prior to 2013.59, where the buf_decompress function in packet.c can be exploited by a compressed packet with large size to cause a denial of service via memory exhaustion. Public references describe the impact as memory consumption and note fixes in later...

5CVSS6.3AI score0.06424EPSS
CVE
CVE
added 2012/06/05 10:0 p.m.135 views

CVE-2012-0920

Dropbear SSH Server 0.52–2012.54 is affected by a use-after-free (UAF) vulnerability when command restriction and public key authentication are enabled, exploitable by remote authenticated users via crafted command requests related to channels concurrency. Impact per sources includes arbitrary co...

7.1CVSS9.3AI score0.06489EPSS
CVE
CVE
added 2013/10/25 11:0 p.m.92 views

CVE-2013-4434

Dropbear SSH Server before 2013.59 is affected by CVE-2013-4434: authentication error messages reveal valid usernames via different delay depending on account existence. Public docs confirm the issue and cite a patch release (2013.60) that fixes this and related CVE-2013-4421; openSUSE/Mandriva a...

5CVSS6.5AI score0.05749EPSS
CVE
CVE
added 2005/12/12 9:0 p.m.80 views

CVE-2005-4178

CVE-2005-4178 refers to a buffer overflow in Dropbear SSH server prior to 0.47. The vulnerability arises from a memory allocation issue caused by an incorrect order of operations in an input handling path, allowing an authenticated user to execute arbitrary code on the server with the server user...

6.5CVSS7.3AI score0.03441EPSS
CVE
CVE
added 2019/03/20 8:44 p.m.79 views

CVE-2017-2659

CVE-2017-2659 affects dropbear prior to 2013.59, where GSSAPI authentication failures are incorrectly counted toward the maximum password attempts when an invalid username is supplied. This leaks whether a username is valid or invalid during authentication, exposing a side channel that can aid cr...

7.5CVSS7.8AI score0.01505EPSS
CVE
CVE
added 2005/10/25 4:0 a.m.78 views

CVE-2004-2486

The CVE-2004-2486 entry concerns Dropbear SSH Server before version 0.43, where the DSS verification code frees uninitialized variables. This memory handling issue could allow remote attackers to gain access. The available connected documents consistently identify the affected component (Dropbear...

7.5CVSS6.9AI score0.03028EPSS
CVE
CVE
added 2007/02/26 5:0 p.m.73 views

CVE-2007-1099

Dropbear

7.5CVSS6.4AI score0.02103EPSS
CVE
CVE
added 2006/03/14 1:0 a.m.70 views

CVE-2006-1206

CVE-2006-1206 affects Dropbear SSH server 0.47 and earlier. The issue allows remote attackers to cause a denial of service by exhausting connection slots (MAX_UNAUTH_CLIENTS = 30) with a high rate of connection attempts. Impact is partial availability. Documented in multiple sources (NVD SUSE OSV...

5CVSS6.5AI score0.11671EPSS