CVE-2016-7406

NONE EPSS 95.2%
Published Mar 3, 2017 (9y ago) · Modified Jun 17, 2026 (2w ago)

Description

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

Threat Intelligence

EPSS Exploit Probability
95.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 1

Vendor                 Product        Version   Range
dropbear_ssh_project   dropbear_ssh   *         ≤2016.73

References 6

  • seclists.org http://seclists.org/fulldisclosure/2024/Aug/35
  • openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
    Mailing List, Patch, Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/92974
    Third Party Advisory, VDB Entry
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1376353
    Issue Tracking
  • secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
    Issue Tracking, Patch, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201702-23
    Patch, Third Party Advisory, VDB Entry

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
    Mailing List, Patch, Third Party Advisory
  • secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
    Issue Tracking, Patch, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201702-23
    Patch, Third Party Advisory, VDB Entry