8.8

CVE-2017-9078

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dropbear Ssh ProjectDropbear Ssh Version < 2017.75
DebianDebian Linux Version8.0
NetappH410c Firmware Version-
   NetappH410c Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.14% 0.913
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 8.5 6.8 10
AV:N/AC:M/Au:S/C:C/I:C/A:C
CWE-415 Double Free

The product calls free() twice on the same memory address.

http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html
Patch
Third Party Advisory
Mailing List
http://www.debian.org/security/2017/dsa-3859
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191004-0006/
Third Party Advisory