ID CVE-2013-4421
Summary The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.
References
Vulnerable Configurations
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.43:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test1:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test1:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test2:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test2:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test3:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test3:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test4:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test4:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.45:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.46:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.47:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48.1:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.49:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.50:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.51:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53.1:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.54:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.54:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.55:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.55:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.56:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.56:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.57:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.57:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.58:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.58:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:28)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 62958
confirm
fedora
  • FEDORA-2013-18593
  • FEDORA-2013-18606
mlist [oss-security] 20131010 Re: CVE Request: dropbear sshd daemon 2013.59 release
secunia 55173
suse
  • openSUSE-SU-2013:1616
  • openSUSE-SU-2013:1696
Last major update 30-10-2018 - 16:28
Published 25-10-2013 - 23:55
Last modified 30-10-2018 - 16:28
Back to Top