CVE-2016-3116

Опубликовано: 22 мар. 2016

Источник: debian

EPSS Средний

Описание

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
dropbear	fixed	2016.72-1		package
dropbear	fixed	2014.65-1+deb8u1	jessie	package
dropbear	no-dsa		wheezy	package

Примечания

https://matt.ucc.asn.au/dropbear/CHANGES
Fixed in 2016.72 upstream

EPSS

Процентиль: 96%

0.27583

Средний

Связанные уязвимости

CVE-2016-3116

CVSS3: 6.4

ubuntu

почти 10 лет назад

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.

CVE-2016-3116

CVSS3: 6.4

nvd

почти 10 лет назад

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.

openSUSE-SU-2016:0882-1

suse-cvrf

почти 10 лет назад

Security update for dropbear

GHSA-qrcr-w7v9-jxvw

CVSS3: 6.4

github

больше 3 лет назад

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.

EPSS

Процентиль: 96%

0.27583

Средний