Fluid Attacks Database

Description

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	dropbear	>=0 <2016.74-5	2016.74-5
debian 13	dropbear	>=0 <2016.74-5	2016.74-5
debian 12	dropbear	>=0 <2016.74-5	2016.74-5
alpine v3.4	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| >=0 <2017.75-r0	2017.75-r0
debian 14	dropbear	>=0 <2016.74-5	2016.74-5
alpine v3.5	dropbear	=0.52-r0 \|\| =0.52-r1 \|\| =0.52-r2 \|\| =0.52-r3 \|\| =0.52-r4 \|\| =0.53.1-r0 \|\| =0.53.1-r1 \|\| =2012.55-r0 \|\| =2013.58-r0 \|\| =2014.63-r0 \|\| =2014.65-r0 \|\| =2014.66-r0 \|\| =2014.66-r1 \|\| =2015.67-r0 \|\| =2015.68-r0 \|\| =2015.68-r1 \|\| =2015.68-r2 \|\| =2015.70-r2 \|\| =2015.71-r0 \|\| =2015.71-r1 \|\| =2016.73-r0 \|\| =2016.74-r0 \|\| =2016.74-r1 \|\| >=0 <2017.75-r0	2017.75-r0

Aliases

1. CVE-2017-90782. NVD-2017-90783. OSV-DEBIAN-2017-90784. OSV-2017-90785. OSV-ALPINE-2017-90786. SECURITY-TRACKER-CVE-2017-90787. SECURITY-CVE-2017-9078

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.