Vulnerabilities
Vulnerable Software
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allow local users to read process memory via the -v argument, related to a failed remote ident.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2017-03-03
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
CVSS Score: 6.4
EPSS Score: 0.276
Published: 2016-03-22
The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.
CVSS Score: 5.0
EPSS Score: 0.259
Published: 2013-10-25
Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.
CVSS Score: 5.0
EPSS Score: 0.039
Published: 2013-10-25
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
CVSS Score: 7.5
EPSS Score: 0.015
Published: 2007-02-26
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30.
CVSS Score: 5.0
EPSS Score: 0.058
Published: 2006-03-14

