UBUNTU-CVE-2016-7406

See a problem?

Source

https://ubuntu.com/security/CVE-2016-7406

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7406.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-7406

Related

CVE-2016-7406

Published

2017-03-03T16:59:00Z

Modified

2024-10-15T14:05:53Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

References

Affected packages

Ubuntu:Pro:16.04:LTS / dropbear

Package

Name: dropbear
Purl: pkg:deb/ubuntu/dropbear?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2014.*

2014.65-1ubuntu2

2015.*

2015.68-1

2015.70-1

2015.71-1

2016.*

2016.72-1

Ecosystem specific

{
    "ubuntu_priority": "low"
}