5.5
CVE-2016-7409
- EPSS 0.45%
- Veröffentlicht 03.03.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dropbear Ssh Project ≫ Dropbear Ssh Version <= 2016.73
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.358 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.openwall.com/lists/oss-security/2016/09/15/2
https://bugzilla.redhat.com/show_bug.cgi?id=1376353
https://security.gentoo.org/glsa/201702-23
http://www.securityfocus.com/bid/92973
https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04