Release | Version |
---|---|
jessie | 2014.65-1+deb8u3 |
stretch | 2016.74-5+deb9u1 |
buster | 2018.76-5+deb10u1 |
buster (security) | 2018.76-5+deb10u2 |
bullseye | 2020.81-3+deb11u1 |
bookworm | 2022.83-1+deb12u1 |
trixie | 2024.85-1 |
sid | 2024.85-1 |
Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2023-48795 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | The SSH transport protocol with certain OpenSSH extensions, found in O ... |
CVE-2021-36369 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | An issue was discovered in Dropbear through 2020.81. Due to a non-RFC- ... |
CVE-2019-12953 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | Dropbear 2011.54 through 2018.76 has an inconsistent failure delay tha ... |
Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2020-36254 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ... |
CVE-2016-7409 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | The dbclient and server in Dropbear SSH before 2016.74, when compiled ... |
Bug | Description |
---|---|
CVE-2018-15599 | The recv_msg_userauth_request function in svr-auth.c in Dropbear throu ... |
CVE-2017-9079 | Dropbear before 2017.75 might allow local users to read certain files ... |
CVE-2017-9078 | The server in Dropbear before 2017.75 might allow post-authentication ... |
CVE-2017-2659 | It was found that dropbear before version 2013.59 with GSSAPI leaks wh ... |
CVE-2016-7408 | The dbclient in Dropbear SSH before 2016.74 allows remote attackers to ... |
CVE-2016-7407 | The dropbearconvert command in Dropbear SSH before 2016.74 allows atta ... |
CVE-2016-7406 | Format string vulnerability in Dropbear SSH before 2016.74 allows remo ... |
CVE-2016-3116 | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows rem ... |
CVE-2013-4434 | Dropbear SSH Server before 2013.59 generates error messages for a fail ... |
CVE-2013-4421 | The buf_decompress function in packet.c in Dropbear SSH Server before ... |
CVE-2012-0920 | Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012. ... |
CVE-2007-1099 | dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ... |
CVE-2006-1206 | Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedde ... |
CVE-2006-0225 | scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands vi ... |
CVE-2005-4178 | Buffer overflow in Dropbear server before 0.47 allows authenticated us ... |
CVE-2004-2486 | The DSS verification code in Dropbear SSH Server before 0.43 frees uni ... |
DSA / DLA | Description |
---|---|
DLA-3187-1 | dropbear - security update |
DLA-1476-1 | dropbear - security update |
DLA-948-1 | dropbear - security update |
DSA-3859-1 | dropbear - security update |
DLA-634-1 | dropbear - security update |
DSA-2456-1 | dropbear - use after free |
DSA-923-1 | dropbear - buffer overflow |