CVE-2020-36254
published 2021-02-25

CVE-2020-36254: scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.

Priority: P339, high, 8.1 (CVSS 3.1)
Vector: AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.55% (72.1th percentile)

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | dropbear | < dropbear 2020.79-1 (bookworm) | dropbear 2020.79-1 (bookworm) |
| dropbear_ssh_project | dropbear_ssh | < 2020.79 | 2020.79 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.79-1 | 2020.79-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.79-1 | 2020.79-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.79-1 | 2020.79-1 |
| dropbear_ssh_project | dropbear_ssh | >= 0 < 2020.79-1 | 2020.79-1 |

CVSS provenance

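| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 5.3 | MEDIUM | |
| vendor_debian | | 5.3 | LOW | |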