Dropbear Ssh@* Security Vulnerabilities and Issues — Dropbear Ssh@* CVE List

Lucene search

Dropbear Ssh ProjectDropbear Ssh*

10 matches found

CVE•added 2023/12/18 4:15 p.m.•4038 views

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connecti...

5.9CVSS6.7AI score0.65058EPSS

CVE•added 2021/02/25 9:15 a.m.•338 views

CVE-2020-36254

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.

8.1CVSS6.3AI score0.02684EPSS

CVE•added 2017/05/19 2:29 p.m.•300 views

CVE-2017-9078

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

8.8CVSS8.6AI score0.02734EPSS

CVE•added 2017/05/19 2:29 p.m.•184 views

CVE-2017-9079

Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.

4.7CVSS5.6AI score0.0013EPSS

CVE•added 2013/10/25 11:55 p.m.•74 views

CVE-2013-4421

The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.

5CVSS6.3AI score0.25913EPSS

CVE•added 2013/10/25 11:55 p.m.•68 views

CVE-2013-4434

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.

5CVSS6.5AI score0.01912EPSS

CVE•added 2005/12/12 9:3 p.m.•63 views

CVE-2005-4178

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.

6.5CVSS7.3AI score0.01719EPSS

CVE•added 2019/03/21 3:59 p.m.•59 views

CVE-2017-2659

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.

7.5CVSS7.8AI score0.00275EPSS

CVE•added 2007/02/26 5:28 p.m.•56 views

CVE-2007-1099

dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.

7.5CVSS6.4AI score0.01562EPSS

CVE•added 2005/10/25 4:0 a.m.•53 views

CVE-2004-2486

The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.

7.5CVSS6.9AI score0.022EPSS