CVE-2004-2486
EPSS 2.2%
Description
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
How to fix CVE-2004-2486
To remediate CVE-2004-2486, upgrade the affected package to a fixed version below.
- Debian/dropbear—upgrade to 0.43-2 or later
Is CVE-2004-2486 being exploited?
Low — EPSS is 2.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.43-2