CVE-2016-7407
NONE EPSS 91.9%
Published Mar 3, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.
Threat Intelligence
EPSS Exploit Probability
91.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-20 Improper Input Validation
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| dropbear_ssh_project | dropbear_ssh | * | ≤2016.73 |
References 5
- openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
- securityfocus.com http://www.securityfocus.com/bid/92972
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1376353
- secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
- security.gentoo.org https://security.gentoo.org/glsa/201702-23
Remediation
- openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
- secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
- security.gentoo.org https://security.gentoo.org/glsa/201702-23