Описание
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| dropbear | fixed | 2025.88-1 | package | |
| dropbear | fixed | 2022.83-1+deb12u3 | bookworm | package |
Примечания
Fixed by: https://github.com/mkj/dropbear/commit/e5a0ef27c227f7ae69d9a9fec98a056494409b9b (DROPBEAR_2025.88)
Связанные уязвимости
CVSS3: 4.5
ubuntu
9 месяцев назад
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
CVSS3: 4.5
nvd
9 месяцев назад
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.
CVSS3: 4.5
github
9 месяцев назад
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.