CVE-2016-7407

NONE EPSS 91.9%
Published Mar 3, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.

Threat Intelligence

EPSS Exploit Probability: 91.9% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 1

Vendor                Product       Version  Range
dropbear_ssh_project  dropbear_ssh  *        ≤2016.73

References 5

  • openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
    Mailing List, Patch, Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/92972
    Third Party Advisory, VDB Entry
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1376353
    Issue Tracking
  • secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
    Issue Tracking, Patch, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201702-23
    Patch, Third Party Advisory, VDB Entry

Remediation

  • openwall.com http://www.openwall.com/lists/oss-security/2016/09/15/2
    Mailing List, Patch, Third Party Advisory
  • secure.ucc.asn.au https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
    Issue Tracking, Patch, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201702-23
    Patch, Third Party Advisory, VDB Entry