CVE-2004-2486Improper Restriction of Operations within the Bounds of a Memory Buffer in SSH Project Dropbear SSH

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-3996 documents5 sources
Severity
7.5HIGHNVD
EPSS
2.2%
top 15.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dropbear SSH Project Dropbear SSHDebian DropbearCisco Unified IP Phone Overflow AND
Timeline
PublishedDec 31
Latest updateApr 29

Description

The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

debiandebian/dropbear< dropbear 0.43-2 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-q4w7-77p6-6mqm: The DSS verification code in Dropbear SSH Server before 02022-04-29
OSV
CVE-2004-2486: The DSS verification code in Dropbear SSH Server before 02004-12-31

📋Vendor Advisories

3
Cisco
Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities2008-02-13
Debian
CVE-2004-2486: dropbear - The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized...2004
Cisco
Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities