7.1
CVE-2012-0920
- EPSS 6.49%
- Veröffentlicht 05.06.2012 22:55:09
- Zuletzt bearbeitet 16.06.2026 23:38:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dropbear Ssh Project ≫ Dropbear Ssh Version >= 0.52 <= 2012.54
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.49% | 0.929 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 3.9 | 10 |
AV:N/AC:H/Au:S/C:C/I:C/A:C
|
http://matt.ucc.asn.au/dropbear/CHANGES
http://secunia.com/advisories/48147
http://secunia.com/advisories/48929
http://www.debian.org/security/2012/dsa-2456
http://www.osvdb.org/79590
http://www.securityfocus.com/bid/52159
https://exchange.xforce.ibmcloud.com/vulnerabilities/73444
https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
https://www.mantor.org/~northox/misc/CVE-2012-0920.html