CVE-2012-0920
NONE EPSS 92.9%
Published Jun 5, 2012
Last Modified Jun 16, 2026
Description
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
Threat Intelligence
EPSS Exploit Probability
92.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-399
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| dropbear_ssh_project | dropbear_ssh | * | ≥0.52 – ≤2012.54 |
| debian | debian_linux | 6.0 | any |
| debian | debian_linux | 7.0 | any |
References 9
- matt.ucc.asn.au http://matt.ucc.asn.au/dropbear/CHANGES
- secunia.com http://secunia.com/advisories/48147
- secunia.com http://secunia.com/advisories/48929
- debian.org http://www.debian.org/security/2012/dsa-2456
- osvdb.org http://www.osvdb.org/79590
- securityfocus.com http://www.securityfocus.com/bid/52159
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/73444
- secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
- mantor.org https://www.mantor.org/~northox/misc/CVE-2012-0920.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.