← Back to CVEs
CVE-2016-7406
N/ADescription
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
CVE Details
CVSS v3.1 ScoreN/A
Published3/3/2017
Last Modified11/4/2025
Sourcenvd
Honeypot Sightings0
Affected Products
dropbear_ssh_project:dropbear_ssh
Weaknesses (CWE)
CWE-20
References
http://www.openwall.com/lists/oss-security/2016/09/15/2(cve@mitre.org)
http://www.securityfocus.com/bid/92974(cve@mitre.org)
https://bugzilla.redhat.com/show_bug.cgi?id=1376353(cve@mitre.org)
https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb(cve@mitre.org)
https://security.gentoo.org/glsa/201702-23(cve@mitre.org)
http://seclists.org/fulldisclosure/2024/Aug/35(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/09/15/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92974(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1376353(af854a3a-2127-422b-91ae-364da2661108)
https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201702-23(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.