CVE-2004-2486
Published 2004-12-31
CVE-2004-2486: The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
Priority P431 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.03% (85.8th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | unified_ip_phone_overflow_and | — | — |
| debian | dropbear | < dropbear 0.43-2 (bookworm) | dropbear 0.43-2 (bookworm) |
| dropbear_ssh_project | dropbear_ssh | < 0.43 | 0.43 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 0.43-2 | 0.43-2 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 0.43-2 | 0.43-2 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 0.43-2 | 0.43-2 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 0.43-2 | 0.43-2 |
CVSS provenance
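| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_cisco | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 7.5 | HIGH | — |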
GHSA
GHSA-q4w7-77p6-6mqm: The DSS verification code in Dropbear SSH Server before 0
ghsa_unreviewed·2022-04-29
CVE-2004-2486 [HIGH] GHSA-q4w7-77p6-6mqm: The DSS verification code in Dropbear SSH Server before 0
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
OSV
CVE-2004-2486: The DSS verification code in Dropbear SSH Server before 0
osv·2004-12-31·CVSS 7.5
CVE-2004-2486 [HIGH] CVE-2004-2486: The DSS verification code in Dropbear SSH Server before 0
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
Cisco
Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities
vendor_cisco·2008-02-13·CVSS 10.0
CVE-2004-2486 [CRITICAL] CWE-119 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities
Cisco Unified IP Phone models contain multiple overflow and denial of
service (DoS) vulnerabilities. There are workarounds for several of these
vulnerabilities. Cisco has made free software available to address this issue
for affected customers.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080213-phone.
Debian
CVE-2004-2486: dropbear - The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized...
vendor_debian·2004·CVSS 7.5
CVE-2004-2486 [HIGH] CVE-2004-2486: dropbear - The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized...
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
Scope: local
bookworm: resolved (fixed in 0.43-2)
bullseye: resolved (fixed in 0.43-2)
forky: resolved (fixed in 0.43-2)
sid: resolved (fixed in 0.43-2)
trixie: resolved (fixed in 0.43-2)
Cisco
Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities
vendor_cisco
CWE: CWE-119, CWE-399
Bug IDs: CSCsj74818, CSCsk21863, CSCsh71110, CSCsk20026, CSCsh79629
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://matt.ucc.asn.au/dropbear/CHANGES
http://secunia.com/advisories/12153
http://secunia.com/advisories/28935
http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml
http://www.osvdb.org/8137
http://www.securityfocus.com/bid/10803
http://www.vupen.com/english/advisories/2008/0543
https://exchange.xforce.ibmcloud.com/vulnerabilities/16810
https://exchange.xforce.ibmcloud.com/vulnerabilities/40490
Published: 2004-12-31