pkg:Debian/dropbear

All known vulnerabilities

• CRITICAL9.8CVE-2016-7407The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.
  from 0, < 2016.74-1
• CRITICAL9.8CVE-2016-7406dropbear - security update
  from 0, < 2012.55-1.3+deb7u1
• CRITICAL9.8CVE-2016-7406dropbear - security update
  from 0, < 2016.74-1
• HIGH8.8CVE-2017-9078dropbear - security update
  from 0, < 2016.74-5
• HIGH8.8CVE-2017-9078dropbear - security update
  from 0, < 2014.65-1+deb8u2
• HIGH8.8CVE-2016-7408The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
  from 0, < 2016.74-1
• HIGH8.1CVE-2020-36254scp.c in Dropbear before 2020.79 mishandles the filename of .
  from 0, < 2020.79-1
• HIGH7.5CVE-2021-36369dropbear - security update
  from 0, < 2020.81-3+deb11u1
• HIGH7.5CVE-2021-36369dropbear - security update
  from 0, < 2018.76-5+deb10u2
• HIGH7.5CVE-2017-2659It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid.
  from 0, < 2013.60-1
• MEDIUM6.4CVE-2016-3116CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions…
  from 0, < 2016.72-1
• MEDIUM5.9CVE-2023-48795Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
  from 0, < 2020.81-3+deb11u1
• MEDIUM5.5CVE-2016-7409The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -…
  from 0, < 2016.74-1
• MEDIUM5.4CVE-2025-14282dropbear - security update
  from 0, < 2025.89-1~deb13u1
• MEDIUM5.4CVE-2025-14282dropbear - security update
  from 0, < 2025.89-1~deb13u1
• MEDIUM5.3CVE-2019-12953Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2…
  from 0, < 2019.78-1
• MEDIUM5.3CVE-2018-15599dropbear - security update
  from 0, < 2014.65-1+deb8u3
• MEDIUM5.3CVE-2018-15599dropbear - security update
  from 0, < 2018.76-4
• MEDIUM4.7CVE-2017-9079dropbear - security update
  from 0, < 2016.74-5
• MEDIUM4.7CVE-2017-9079dropbear - security update
  from 0, < 2012.55-1.3+deb7u2
• MEDIUM4.5CVE-2025-47203dropbear - security update
  from 0, < 2020.81-3+deb11u3
• MEDIUM4.5CVE-2025-47203dropbear - security update
  from 0, < 2020.81-3+deb11u3
• —CVE-2026-3706A vulnerability was determined in mkj Dropbear up to 2025.89.
  from 0
• —CVE-2013-4434Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the…
  from 0, < 2012.55-1.4
• —CVE-2013-4421The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory…
  from 0, < 2012.55-1.4
• —CVE-2012-0920dropbear - use after free
  from 0, < 2012.55-1
• —CVE-2012-0920dropbear - use after free
  from 0, < 0.52-5+squeeze1
• —CVE-2007-1099dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remot…
  from 0, < 0.49-1
• —CVE-2006-1206Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remo…
  from 0, < 0.48-1
• —CVE-2006-0225scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are ex…
  from 0, < 0.48-1
• —CVE-2005-4178dropbear - buffer overflow
  from 0, < 0.47-1
• —CVE-2005-4178dropbear - buffer overflow
  from 0, < 0.45-2sarge0
• —CVE-2004-2486The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain acce…
  from 0, < 0.43-2