Dropbear Ssh Project: >> Dropbear Ssh >> 2011.54 Security Vulnerabilities
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
CVSS Score
8.8
EPSS Score
0.024
Published
2017-03-03
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-03-03
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
CVSS Score
6.4
EPSS Score
0.276
Published
2016-03-22
The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.
CVSS Score
5.0
EPSS Score
0.259
Published
2013-10-25
Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.
CVSS Score
5.0
EPSS Score
0.039
Published
2013-10-25
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
CVSS Score
7.1
EPSS Score
0.018
Published
2012-06-05
Page 2