CVE-2016-7406
NONE EPSS 95.2%
Published Mar 3, 2017
Last Modified Jun 17, 2026
Description
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
Threat Intelligence
EPSS Exploit Probability
95.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-20 Improper Input Validation
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| dropbear_ssh_project | dropbear_ssh | * | ≤2016.73 |
References 6
- seclists.org http://seclists.org/fulldisclosure/2024/Aug/35
- openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
- securityfocus.com http://www.securityfocus.com/bid/92974
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1376353
- secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
- security.gentoo.org https://security.gentoo.org/glsa/201702-23
Remediation
- openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
- secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
- security.gentoo.org https://security.gentoo.org/glsa/201702-23