CVE-2016-7406
dropbear - security update
CVSS 3.1 score: 9.8 (CRITICAL)
EPSS: 25.3%
Description
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
How to fix CVE-2016-7406
To remediate CVE-2016-7406, upgrade the affected package to one of the fixed versions listed below.
- Debian/dropbear: upgrade to 2016.74-1 or later
- Debian/dropbear: upgrade to 2012.55-1.3+deb7u1 or later
Is CVE-2016-7406 being exploited?
Moderate — EPSS is 25.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/dropbear: all versions from 0 up to, but not including, 2016.74-1
- Debian/dropbear: all versions from 0 up to, but not including, 2012.55-1.3+deb7u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL (9.8) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |