Dropbear Ssh Project: >> Dropbear Ssh >> 2012.55 Security Vulnerabilities
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
CVSS Score
8.8
EPSS Score
0.024
Published
2017-03-03
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-03-03
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
CVSS Score
6.4
EPSS Score
0.276
Published
2016-03-22
The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.
CVSS Score
5.0
EPSS Score
0.259
Published
2013-10-25
Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.
CVSS Score
5.0
EPSS Score
0.039
Published
2013-10-25
Page 2