cvelistv5 - cve-2016-7406

CVE-2016-7406 (GCVE-0-2016-7406)

Vulnerability from cvelistv5

Published

2017-03-03 16:00

Modified

2025-11-04 16:09

Severity ?

CWE

Summary

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-jvpx-9hv9-4qf6

Vulnerability from github

Published

2022-05-17 02:56

Modified

2025-11-04 18:30

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7406"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-03T16:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.",
  "id": "GHSA-jvpx-9hv9-4qf6",
  "modified": "2025-11-04T18:30:33Z",
  "published": "2022-05-17T02:56:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7406"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353"
    },
    {
      "type": "WEB",
      "url": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201702-23"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Aug/35"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/09/15/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92974"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

sca-2022-0007

Vulnerability from csaf_sick

Published

2022-04-21 15:00

Modified

2022-04-21 15:00

Summary

Vulnerabilities in SICK MARSIC300

Notes

General Security Measures

As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.

Vulnerability Classification

SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.

SICK received a report about multiple security vulnerabilities in the SICK MARSIC300 device. The security vulnerabilities are caused by the third-party library Dropbear, which is used by the SICK MARSIC300 to provide SSH communication. A successful exploitation of these vulnerabilities could lead to a remote code execution. SICK has released a new version of the SICK MARSIC300 firmware and recommends updating to the newest version.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      },
      {
        "category": "summary",
        "text": "SICK received a report about multiple security vulnerabilities in the SICK MARSIC300 device. The security vulnerabilities are caused by the third-party library Dropbear, which is used by the SICK MARSIC300 to provide SSH communication. A successful exploitation of these vulnerabilities could lead to a remote code execution.\n\nSICK has released a new version of the SICK MARSIC300 firmware and recommends updating to the newest version."
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0007.json"
      }
    ],
    "title": "Vulnerabilities in SICK MARSIC300",
    "tracking": {
      "current_release_date": "2022-04-21T15:00:00.000Z",
      "generator": {
        "date": "2023-02-10T09:22:54.049Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2022-0007",
      "initial_release_date": "2022-04-21T15:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-04-21T15:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2022-04-22T10:00:00.000Z",
          "number": "2",
          "summary": "Fixed TLP classification"
        },
        {
          "date": "2023-02-10T11:00:00.000Z",
          "number": "3",
          "summary": "Updated Advisory (only visual changes)"
        },
        {
          "date": "2025-07-30T07:29:45.000Z",
          "number": "4",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK MARSIC300 all versions",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "x_generic_uris": [
                      {
                        "namespace": "SICK:Website",
                        "uri": "SICK:Website:https://www.sick.com/de/de/p/p475061"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MARSIC300"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1EU4_220310",
                "product": {
                  "name": "SICK MARSIC300 Firmware \u003c1EU4_220310",
                  "product_id": "CSAFPID-0002"
                }
              },
              {
                "category": "product_version",
                "name": "1EU4 220310",
                "product": {
                  "name": "SICK MARSIC300 Firmware 1EU4 220310",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "MARSIC300 Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MARSIC300 with Firmware \u003c1EU4_220310",
          "product_id": "CSAFPID-0004"
        },
        "product_reference": "CSAFPID-0002",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MARSIC300 with Firmware 1EU4 220310",
          "product_id": "CSAFPID-0005"
        },
        "product_reference": "CSAFPID-0003",
        "relates_to_product_reference": "CSAFPID-0001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7406",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute \narbitrary code via format string specifiers in the (1) username or (2) host argument.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0005"
        ],
        "known_affected": [
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE Entry",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7406"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-04-21T15:00:00.000Z",
          "details": "SICK has released a new version of the SICK MARSIC300 firmware and recommends updating\nto the newest version.",
          "product_ids": [
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0004"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2016-7407",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary \ncode via a crafted OpenSSH key file.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0003"
        ],
        "known_affected": [
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE Entry",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

SCA-2022-0007

Vulnerability from csaf_sick

Published

2022-04-21 15:00

Modified

2022-04-21 15:00

Summary

Vulnerabilities in SICK MARSIC300

Notes

General Security Measures

Vulnerability Classification

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      },
      {
        "category": "summary",
        "text": "SICK received a report about multiple security vulnerabilities in the SICK MARSIC300 device. The security vulnerabilities are caused by the third-party library Dropbear, which is used by the SICK MARSIC300 to provide SSH communication. A successful exploitation of these vulnerabilities could lead to a remote code execution.\n\nSICK has released a new version of the SICK MARSIC300 firmware and recommends updating to the newest version."
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0007.json"
      }
    ],
    "title": "Vulnerabilities in SICK MARSIC300",
    "tracking": {
      "current_release_date": "2022-04-21T15:00:00.000Z",
      "generator": {
        "date": "2023-02-10T09:22:54.049Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2022-0007",
      "initial_release_date": "2022-04-21T15:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-04-21T15:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2022-04-22T10:00:00.000Z",
          "number": "2",
          "summary": "Fixed TLP classification"
        },
        {
          "date": "2023-02-10T11:00:00.000Z",
          "number": "3",
          "summary": "Updated Advisory (only visual changes)"
        },
        {
          "date": "2025-07-30T07:29:45.000Z",
          "number": "4",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK MARSIC300 all versions",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "x_generic_uris": [
                      {
                        "namespace": "SICK:Website",
                        "uri": "SICK:Website:https://www.sick.com/de/de/p/p475061"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MARSIC300"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1EU4_220310",
                "product": {
                  "name": "SICK MARSIC300 Firmware \u003c1EU4_220310",
                  "product_id": "CSAFPID-0002"
                }
              },
              {
                "category": "product_version",
                "name": "1EU4 220310",
                "product": {
                  "name": "SICK MARSIC300 Firmware 1EU4 220310",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "MARSIC300 Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MARSIC300 with Firmware \u003c1EU4_220310",
          "product_id": "CSAFPID-0004"
        },
        "product_reference": "CSAFPID-0002",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK MARSIC300 with Firmware 1EU4 220310",
          "product_id": "CSAFPID-0005"
        },
        "product_reference": "CSAFPID-0003",
        "relates_to_product_reference": "CSAFPID-0001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-7406",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute \narbitrary code via format string specifiers in the (1) username or (2) host argument.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0005"
        ],
        "known_affected": [
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE Entry",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7406"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-04-21T15:00:00.000Z",
          "details": "SICK has released a new version of the SICK MARSIC300 firmware and recommends updating\nto the newest version.",
          "product_ids": [
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0004"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2016-7407",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary \ncode via a crafted OpenSSH key file.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0003"
        ],
        "known_affected": [
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE Entry",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7407"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

fkie_cve-2016-7406

Vulnerability from fkie_nvd

Published

2017-03-03 16:59

Modified

2025-11-04 16:15

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2016/09/15/2	Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/92974	Third Party Advisory, VDB Entry
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1376353	Issue Tracking
cve@mitre.org	https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201702-23	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Aug/35
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/09/15/2	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92974	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1376353	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201702-23	Patch, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	dropbear_ssh_project	dropbear_ssh	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "531C1EEF-E881-499C-9C92-DE6C2E547732",
              "versionEndIncluding": "2016.73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de formato de cadena en Dropbear SSH en versiones anteriores a 2016.74 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de especificadores de cadena de formato en el (1) nombre de usuario o (2) argumento de anfitri\u00f3n."
    }
  ],
  "id": "CVE-2016-7406",
  "lastModified": "2025-11-04T16:15:38.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-03T16:59:00.387",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/09/15/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92974"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://security.gentoo.org/glsa/201702-23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2024/Aug/35"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/09/15/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://security.gentoo.org/glsa/201702-23"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2016-07881

Vulnerability from cnvd

Title

Dropbear SSH格式字符串漏洞

Description

Dropbear是一个相对较小的SSH服务器和客户端。 Dropbear SSH存在格式字符串漏洞，允许攻击者在应用程序的上下文中执行任意代码。

Severity

高

Patch Name

Dropbear SSH格式字符串漏洞的补丁

Patch Description

Dropbear是一个相对较小的SSH服务器和客户端。 Dropbear SSH存在格式字符串漏洞，允许攻击者在应用程序的上下文中执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前该漏洞已在Dropbear 2016.74中修复，详情请关注厂商主页或有关网址： https://matt.ucc.asn.au/dropbear/

Reference

http://www.openwall.com/lists/oss-security/2016/09/15/2 http://www.securityfocus.com/bid/92974

Impacted products

Name
Dropbear SSH <2016.74

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92974"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-7406"
    }
  },
  "description": "Dropbear\u662f\u4e00\u4e2a\u76f8\u5bf9\u8f83\u5c0f\u7684SSH\u670d\u52a1\u5668\u548c\u5ba2\u6237\u7aef\u3002\r\n\r\nDropbear SSH\u5b58\u5728\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5728\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Matt Johnston",
  "formalWay": "\u76ee\u524d\u8be5\u6f0f\u6d1e\u5df2\u5728Dropbear 2016.74\u4e2d\u4fee\u590d\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u6709\u5173\u7f51\u5740\uff1a\r\nhttps://matt.ucc.asn.au/dropbear/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-07881",
  "openTime": "2016-09-22",
  "patchDescription": "Dropbear\u662f\u4e00\u4e2a\u76f8\u5bf9\u8f83\u5c0f\u7684SSH\u670d\u52a1\u5668\u548c\u5ba2\u6237\u7aef\u3002\r\n\r\nDropbear SSH\u5b58\u5728\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5728\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dropbear SSH\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Dropbear SSH \u003c2016.74"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2016/09/15/2\r\nhttp://www.securityfocus.com/bid/92974",
  "serverity": "\u9ad8",
  "submitTime": "2016-09-19",
  "title": "Dropbear SSH\u683c\u5f0f\u5b57\u7b26\u4e32\u6f0f\u6d1e"
}

gsd-2016-7406

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

Aliases

CVE-2016-7406

Aliases

CVE-2016-7406

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7406",
    "description": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.",
    "id": "GSD-2016-7406",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-7406.html",
      "https://advisories.mageia.org/CVE-2016-7406.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7406"
      ],
      "details": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.",
      "id": "GSD-2016-7406",
      "modified": "2023-12-13T01:21:20.443145Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-7406",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201702-23",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201702-23"
          },
          {
            "name": "92974",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/92974"
          },
          {
            "name": "[oss-security] 20160915 Re: CVE request for Dropbear SSH \u003c2016.74",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2016/09/15/2"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353"
          },
          {
            "name": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb",
            "refsource": "CONFIRM",
            "url": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2016.73",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7406"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201702-23",
              "refsource": "GENTOO",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://security.gentoo.org/glsa/201702-23"
            },
            {
              "name": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376353"
            },
            {
              "name": "92974",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/92974"
            },
            {
              "name": "[oss-security] 20160915 Re: CVE request for Dropbear SSH \u003c2016.74",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/09/15/2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-03-04T23:00Z",
      "publishedDate": "2017-03-03T16:59Z"
    }
  }
}

CERTFR-2021-AVI-669

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moxa	N/A	micrologiciel des équipements de la gamme WAC-2004 : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme OnCell G3470A sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme WDR-3124A : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme WAC-1001 sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme TAP-323 sans le dernier correctif

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-7406 (GCVE-0-2016-7406)

Vulnerability from cvelistv5

ghsa-jvpx-9hv9-4qf6

Vulnerability from github

sca-2022-0007

Vulnerability from csaf_sick

SCA-2022-0007

Vulnerability from csaf_sick

fkie_cve-2016-7406

Vulnerability from fkie_nvd

cnvd-2016-07881

Vulnerability from cnvd

gsd-2016-7406

Vulnerability from gsd

CERTFR-2021-AVI-669

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature