CVE-2012-0920

NONE EPSS 92.9%
Published Jun 5, 2012 (14y ago) · Modified Jun 16, 2026 (2w ago)

Description

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

Threat Intelligence

EPSS Exploit Probability
92.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-399

Affected Products 3

Vendor                Product       Version  Range
dropbear_ssh_project  dropbear_ssh  *        ≥0.52 – ≤2012.54
debian                debian_linux  6.0      any
debian                debian_linux  7.0      any

References 9

  • matt.ucc.asn.au http://matt.ucc.asn.au/dropbear/CHANGES
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/48147
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/48929
    Third Party Advisory
  • debian.org http://www.debian.org/security/2012/dsa-2456
    Third Party Advisory
  • osvdb.org http://www.osvdb.org/79590
    Broken Link
  • securityfocus.com http://www.securityfocus.com/bid/52159
    Third Party Advisory, VDB Entry
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/73444
    Third Party Advisory, VDB Entry
  • secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
    Vendor Advisory
  • mantor.org https://www.mantor.org/~northox/misc/CVE-2012-0920.html
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.