Fluid Attacks Database

Description

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.19	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| =2017.75-r0 \|\| =2017.75-r1 \|\| =2018.76-r0 \|\| =2018.76-r1 \|\| >=0 <2018.76-r2	2018.76-r2
alpine v3.20	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| =2017.75-r0 \|\| =2017.75-r1 \|\| =2018.76-r0 \|\| =2018.76-r1 \|\| >=0 <2018.76-r2	2018.76-r2
alpine v3.5	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| =2017.75-r0 \|\| >=0 <2017.75-r1	2017.75-r1
alpine v3.10	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| =2017.75-r0 \|\| =2017.75-r1 \|\| =2018.76-r0 \|\| =2018.76-r1 \|\| >=0 <2018.76-r2	2018.76-r2
alpine v3.11	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| =2017.75-r0 \|\| =2017.75-r1 \|\| =2018.76-r0 \|\| =2018.76-r1 \|\| >=0 <2018.76-r2	2018.76-r2
alpine v3.12	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| =2017.75-r0 \|\| =2017.75-r1 \|\| =2018.76-r0 \|\| =2018.76-r1 \|\| >=0 <2018.76-r2	2018.76-r2
alpine v3.13	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| =2017.75-r0 \|\| =2017.75-r1 \|\| =2018.76-r0 \|\| =2018.76-r1 \|\| >=0 <2018.76-r2	2018.76-r2
alpine v3.14	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| =2017.75-r0 \|\| =2017.75-r1 \|\| =2018.76-r0 \|\| =2018.76-r1 \|\| >=0 <2018.76-r2	2018.76-r2
alpine v3.15	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| =2017.75-r0 \|\| =2017.75-r1 \|\| =2018.76-r0 \|\| =2018.76-r1 \|\| >=0 <2018.76-r2	2018.76-r2
alpine v3.16	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| =2017.75-r0 \|\| =2017.75-r1 \|\| =2018.76-r0 \|\| =2018.76-r1 \|\| >=0 <2018.76-r2	2018.76-r2

1-10 of 23

Aliases

1. CVE-2018-155992. NVD-2018-155993. OSV-ALPINE-2018-155994. OSV-2018-155995. OSV-DEBIAN-2018-155996. SECURITY-CVE-2018-155997. SECURITY-TRACKER-CVE-2018-15599

References

1. https://github.com/Remnant-DB/CVE-2018-15599

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.