CVE-2013-4421
Published 2013-10-25
Priority: P4 · 26 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 6.42% (92.8th percentile)
The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dropbear | < dropbear 2012.55-1.4 (bookworm) | dropbear 2012.55-1.4 (bookworm) |
| dropbear_ssh_project | dropbear_ssh | < 2013.59 | 2013.59 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1.4 | 2012.55-1.4 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1.4 | 2012.55-1.4 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1.4 | 2012.55-1.4 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2012.55-1.4 | 2012.55-1.4 |
CVSS provenance
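| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | LOW | |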
GHSA
GHSA-v8r9-3c3f-g75m: The buf_decompress function in packet
ghsa_unreviewed·2022-05-14
CVE-2013-4421 [MEDIUM] GHSA-v8r9-3c3f-g75m: The buf_decompress function in packet
OSV
CVE-2013-4421: The buf_decompress function in packet
osv·2013-10-25·CVSS 5.0
CVE-2013-4421 [MEDIUM] CVE-2013-4421: The buf_decompress function in packet
Debian
CVE-2013-4421: dropbear - The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 al...
vendor_debian·2013·CVSS 5.0
CVE-2013-4421 [MEDIUM] CVE-2013-4421: dropbear - The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 al...
Scope: local
bookworm: resolved (fixed in 2012.55-1.4)
bullseye: resolved (fixed in 2012.55-1.4)
forky: resolved (fixed in 2012.55-1.4)
sid: resolved (fixed in 2012.55-1.4)
trixie: resolved (fixed in 2012.55-1.4)
No detection rules found.
No public exploits indexed.
http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119300.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119323.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html
http://secunia.com/advisories/55173
http://www.openwall.com/lists/oss-security/2013/10/11/4
http://www.securityfocus.com/bid/62958
https://matt.ucc.asn.au/dropbear/CHANGES
https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
https://support.citrix.com/article/CTX216642
2013-10-25
Published