CVE-2012-0920
published 2012-06-05

Priority: P3, 40, high
CVSS 2.0: 7.1 (AV:N/AC:H/Au:S/C:C/I:C/A:C)
EPSS: 6.49% (92.9th percentile)
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | dropbear | < dropbear 2012.55-1 (bookworm) | dropbear 2012.55-1 (bookworm) |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1 | 2012.55-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1 | 2012.55-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1 | 2012.55-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1 | 2012.55-1 |
| dropbear_ssh_project | dropbear_ssh | 0.52 – 2012.54 | |

CVSS provenance

nvd: v2.0, 7.1 HIGH, AV:N/AC:H/Au:S/C:C/I:C/A:C
osv: 7.1 HIGH
vendor_debian: 7.1 LOW