Fluid Attacks Database

Description

dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	dropbear	>=0 <0.49-1	0.49-1
debian 14	dropbear	>=0 <0.49-1	0.49-1
debian 12	dropbear	>=0 <0.49-1	0.49-1
debian 11	dropbear	>=0 <0.49-1	0.49-1

Aliases

1. CVE-2007-10992. NVD-2007-10993. OSV-DEBIAN-2007-10994. OSV-2007-10995. SECURITY-TRACKER-CVE-2007-1099

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.