Unrated severityNVD Advisory· Published Jun 5, 2012· Updated Apr 29, 2026

CVE-2012-0920

Description

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

Affected products

Dropbear Ssh Project/Dropbear SSH
cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*
Range: >=0.52,<=2012.54
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

matt.ucc.asn.au/dropbear/CHANGESnvdVendor Advisory
secunia.com/advisories/48147nvdThird Party Advisory
secunia.com/advisories/48929nvdThird Party Advisory
www.debian.org/security/2012/dsa-2456nvdThird Party Advisory
www.securityfocus.com/bid/52159nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/73444nvdThird Party AdvisoryVDB Entry
secure.ucc.asn.au/hg/dropbear/rev/818108bf7749nvdVendor Advisory
www.mantor.org/~northox/misc/CVE-2012-0920.htmlnvdThird Party Advisory
www.osvdb.org/79590nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000