Vulnerability Details : CVE-2005-4178
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2005-4178
Probability of exploitation activity in the next 30 days: 0.34%
Percentile, the proportion of vulnerabilities that are scored at or less: ~71%
CVSS scores for CVE-2005-4178
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST |
References for CVE-2005-4178
- http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/15923/ (Third Party Advisory; VDB Entry)
- http://matt.ucc.asn.au/dropbear/dropbear.html (Patch; Vendor Advisory)
- http://www.debian.org/security/2005/dsa-923 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2005/2962 (Third Party Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml (Third Party Advisory)
Products affected by CVE-2005-4178
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*