Medium severity6.4NVD Advisory· Published Mar 22, 2016· Updated Jun 17, 2026
CVE-2016-3116
CVE-2016-3116
Description
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*range: <=2015.71
- (no CPE)range: <2016.72
Patches
Vulnerability mechanics
References
10- lists.fedoraproject.org/pipermail/package-announce/2016-March/179261.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2016-March/179269.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2016-March/179870.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-03/msg00105.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-03/msg00113.htmlnvd
- packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.htmlnvd
- seclists.org/fulldisclosure/2016/Mar/47nvd
- github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115nvd
- matt.ucc.asn.au/dropbear/CHANGESnvd
- security.gentoo.org/glsa/201607-08nvd
News mentions
0No linked articles in our index yet.