Vulnerability Description
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dropbear Ssh Project | Dropbear Ssh | <= 2016.73 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/09/15/2Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/92974Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1376353Issue Tracking
- https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcbIssue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/201702-23PatchThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2024/Aug/35
- http://www.openwall.com/lists/oss-security/2016/09/15/2Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/92974Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1376353Issue Tracking
- https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcbIssue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/201702-23PatchThird Party AdvisoryVDB Entry
FAQ
What is CVE-2016-7406?
CVE-2016-7406 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
How severe is CVE-2016-7406?
CVE-2016-7406 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-7406?
Check the references section above for vendor advisories and patch information. Affected products include: Dropbear Ssh Project Dropbear Ssh.