CVE-2016-7409
published 2017-03-03

Priority: P4 | 22 | medium | 5.5 (CVSS 3.0)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.45% (36.0th percentile)

The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allow local users to read process memory via the -v argument, related to a failed remote ident.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
debian | dropbear | < dropbear 2016.74-1 (bookworm) | dropbear 2016.74-1 (bookworm)
dropbear_ssh_project | dropbear_ssh | <= 2016.73 |
dropbear_ssh_project | dropbear_ssh | >= 0 < 2016.74-1 | 2016.74-1
dropbear_ssh_project | dropbear_ssh | >= 0 < 2016.74-1 | 2016.74-1
dropbear_ssh_project | dropbear_ssh | >= 0 < 2016.74-1 | 2016.74-1
dropbear_ssh_project | dropbear_ssh | >= 0 < 2016.74-1 | 2016.74-1

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N
osv | | 5.5 | MEDIUM |
vendor_debian | | 5.5 | LOW |