CVE-2016-7406

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-7406

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7406.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-7406

Related

Published

2017-03-03T16:59:00Z

Modified

2024-09-18T01:00:21Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

References

Affected packages

Debian:11 / dropbear

Package

Name: dropbear
Purl: pkg:deb/debian/dropbear?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2016.74-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dropbear

Package

Name: dropbear
Purl: pkg:deb/debian/dropbear?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2016.74-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dropbear

Package

Name: dropbear
Purl: pkg:deb/debian/dropbear?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2016.74-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}