Home > Vulnerability Database > CVE-2012-0920

Mend.io Vulnerability Database

CVE-2012-0920

Date: June 5, 2012

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

Language: C

Severity Score

7.5

Related Resources (13)

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-0920

Url: http://matt.ucc.asn.au/dropbear/CHANGES

Url: https://www.mantor.org/~northox/misc/CVE-2012-0920.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/73444

Url: http://www.securityfocus.com/bid/52159

Url: http://secunia.com/advisories/48929

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0920

Url: http://www.debian.org/security/2012/dsa-2456

Url: http://www.osvdb.org/79590

Url: https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749

Url: http://secunia.com/advisories/48147

Url: https://security-tracker.debian.org/tracker/CVE-2012-0920

Url: https://www.mend.io/vulnerability-database/CVE-2012-0920

Severity Score

7.5

Weakness Type (CWE)

Resource Management Errors

CWE-399

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	SINGLE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-0920

Date: June 5, 2012

Language: C

Severity Score

Related Resources (13)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?