CVE-2016-7407Improper Input Validation in Dropbear

CWE-20Improper Input Validation5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
1.0%
top 22.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dropbear SSH Project Dropbear SSHDebian Dropbear
Timeline
PublishedMar 3
Latest updateMay 17

Description

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

debiandebian/dropbear< dropbear 2016.74-1 (bookworm)
Debiandropbear_ssh_project/dropbear_ssh< 2016.74-1+3

Patches

Patch: www.openwall.comPatch: secure.ucc.asn.auPatch: security.gentoo.org

🔴Vulnerability Details

2
GHSA
GHSA-44f9-2mmc-8wmx: The dropbearconvert command in Dropbear SSH before 20162022-05-17
OSV
CVE-2016-7407: The dropbearconvert command in Dropbear SSH before 20162017-03-03

📋Vendor Advisories

1
Debian
CVE-2016-7407: dropbear - The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to e...2016

💬Community

1
Bugzilla
CVE-2016-7406 CVE-2016-7407 CVE-2016-7408 CVE-2016-7409 dropbear: Multiple issues fixed in dropbear 2016.742016-09-15