CVE-2005-4178 — Improper Restriction of Operations within the Bounds of a Memory Buffer in SSH Project Dropbear SSH

4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

1.7%

top 17.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dropbear SSH Project Dropbear SSH Debian Dropbear Debian Linux

Timeline

PublishedDec 12

Latest updateMay 1

Description

Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/dropbear< dropbear 0.47-1 (bookworm)

▶NVDdropbear_ssh_project/dropbear_ssh< 0.47

▶Debiandropbear_ssh_project/dropbear_ssh< 0.47-1+3

Also affects: Debian Linux 3.0, 3.1

Patches

Patch: lists.ucc.gu.uwa.edu.au ↗Patch: matt.ucc.asn.au ↗Patch: lists.ucc.gu.uwa.edu.au ↗

🔴Vulnerability Details

GHSA

GHSA-6483-gg6m-x7w8: Buffer overflow in Dropbear server before 0↗2022-05-01

▶

OSV

CVE-2005-4178: Buffer overflow in Dropbear server before 0↗2005-12-12

▶

📋Vendor Advisories

Debian

CVE-2005-4178: dropbear - Buffer overflow in Dropbear server before 0.47 allows authenticated users to exe...↗2005

▶