Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-d17n-u3cw-cudj

Summary It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.

Aliases

alias	CVE-2017-2659

Fixed_packages

url	pkg:deb/debian/dropbear@2013.60-1?distro=trixie
purl	pkg:deb/debian/dropbear@2013.60-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2013.60-1%3Fdistro=trixie

url pkg:deb/debian/dropbear@2014.65-1

purl pkg:deb/debian/dropbear@2014.65-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2014.65-1

url	pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/dropbear@2020.81-3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2020.81-3%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/dropbear@2022.83-1%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/dropbear@2022.83-1%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2022.83-1%252Bdeb12u3%3Fdistro=trixie

url	pkg:deb/debian/dropbear@2025.89-1~deb13u1?distro=trixie
purl	pkg:deb/debian/dropbear@2025.89-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2025.89-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/dropbear@2025.89-1?distro=trixie
purl	pkg:deb/debian/dropbear@2025.89-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2025.89-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/dropbear@0.45-2sarge0

purl pkg:deb/debian/dropbear@0.45-2sarge0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kyz-5rns-2qfy

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-adtn-2cnz-wfb9

vulnerability	VCID-d17n-u3cw-cudj

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-guvt-ddvk-dbdk

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jd36-dxz7-dfdy

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-rwzw-vrhk-sqfw

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-uz94-gzud-euhk

vulnerability	VCID-w5xg-8n7z-zqcs

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0.45-2sarge0

url pkg:deb/debian/dropbear@0.48.1-2

purl pkg:deb/debian/dropbear@0.48.1-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-adtn-2cnz-wfb9

vulnerability	VCID-d17n-u3cw-cudj

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-guvt-ddvk-dbdk

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jd36-dxz7-dfdy

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-w5xg-8n7z-zqcs

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0.48.1-2

url pkg:deb/debian/dropbear@0.51-1

purl pkg:deb/debian/dropbear@0.51-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-adtn-2cnz-wfb9

vulnerability	VCID-d17n-u3cw-cudj

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jd36-dxz7-dfdy

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-w5xg-8n7z-zqcs

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0.51-1

url pkg:deb/debian/dropbear@0.52-5%2Bsqueeze1

purl pkg:deb/debian/dropbear@0.52-5%2Bsqueeze1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-adtn-2cnz-wfb9

vulnerability	VCID-d17n-u3cw-cudj

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jd36-dxz7-dfdy

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-w5xg-8n7z-zqcs

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@0.52-5%252Bsqueeze1

url pkg:deb/debian/dropbear@2012.55-1.3

purl pkg:deb/debian/dropbear@2012.55-1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ucx-wdc2-tuad

vulnerability	VCID-8apc-5c8s-k3ar

vulnerability	VCID-9pmf-w3x7-5ugr

vulnerability	VCID-9vje-sxgj-9udj

vulnerability	VCID-a8c1-84ye-73en

vulnerability	VCID-adtn-2cnz-wfb9

vulnerability	VCID-d17n-u3cw-cudj

vulnerability	VCID-d3s7-uqk1-47bq

vulnerability	VCID-fkyw-zr2t-y7dm

vulnerability	VCID-gdx4-w6cw-2kek

vulnerability	VCID-hmcm-aqkc-zfdm

vulnerability	VCID-jzn6-bzzf-nugp

vulnerability	VCID-qftg-znh3-5kep

vulnerability	VCID-s1dw-5sgq-j3bm

vulnerability	VCID-w5xg-8n7z-zqcs

vulnerability	VCID-xqe7-wtdn-hugk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dropbear@2012.55-1.3

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2659

reference_id

reference_type

scores

value	0.00275
scoring_system	epss
scoring_elements	0.51048
published_at	2026-04-18T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51021
published_at	2026-04-12T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51004
published_at	2026-04-13T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50909
published_at	2026-04-01T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50963
published_at	2026-04-02T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50988
published_at	2026-04-04T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50945
published_at	2026-04-07T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51002
published_at	2026-04-08T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.50999
published_at	2026-04-09T12:55:00Z

value	0.00275
scoring_system	epss
scoring_elements	0.51042
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2659

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2659
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2659

reference_url	https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86
reference_id
reference_type
scores
url	https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dropbear_ssh_project:dropbear_ssh::::::::
reference_id	cpe:2.3:a:dropbear_ssh_project:dropbear_ssh::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dropbear_ssh_project:dropbear_ssh::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2659

reference_id

CVE-2017-2659

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2659

Weaknesses

cwe_id	209
name	Generation of Error Message Containing Sensitive Information
description	The product generates an error message that includes sensitive information about its environment, users, or associated data.

cwe_id	287
name	Improper Authentication
description	When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Exploits

Severity_range_score 5.0 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d17n-u3cw-cudj

Vulnerability Instance