CVE-2016-7406
CRITICAL9.8EPSS 25.3%dropbear - security update
Published: 3/3/2017Modified: 4/28/2026
Also known as:DEBIAN-CVE-2016-7406
Description
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
Affected packages (2)
- Debian/dropbearfrom 0, < 2016.74-1
- Debian/dropbearfrom 0, < 2012.55-1.3+deb7u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |