Search for vulnerabilities
Vulnerability details: VCID-e3hh-uv6r-aaaa
Vulnerability ID VCID-e3hh-uv6r-aaaa
Aliases CVE-2012-0920
Summary Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
Status Published
Exploitability 0.5
Weighted Severity 6.4
Risk 3.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
epss 0.01032 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01032 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01032 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01032 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01032 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01032 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01032 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01032 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01032 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01080 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01080 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01080 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.01803 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.02977 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.02977 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.02977 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.02977 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
epss 0.05921 https://api.first.org/data/v1/epss?cve=CVE-2012-0920
cvssv2 7.1 https://nvd.nist.gov/vuln/detail/CVE-2012-0920
Reference id Reference type URL
http://matt.ucc.asn.au/dropbear/CHANGES
https://api.first.org/data/v1/epss?cve=CVE-2012-0920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0920
http://secunia.com/advisories/48147
http://secunia.com/advisories/48929
https://exchange.xforce.ibmcloud.com/vulnerabilities/73444
https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
https://www.mantor.org/~northox/misc/CVE-2012-0920.html
http://www.debian.org/security/2012/dsa-2456
http://www.osvdb.org/79590
http://www.securityfocus.com/bid/52159
661150 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661150
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVE-2012-0920 https://nvd.nist.gov/vuln/detail/CVE-2012-0920
GLSA-201309-20 https://security.gentoo.org/glsa/201309-20
No exploits are available.
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2012-0920
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.84305
EPSS Score 0.01032
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.