Critical severity9.8NVD Advisory· Published Mar 3, 2017· Updated May 13, 2026

CVE-2016-7406

Description

Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2016/09/15/2nvdMailing ListPatchThird Party Advisory
secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcbnvdIssue TrackingPatchThird Party Advisory
security.gentoo.org/glsa/201702-23nvdPatchThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/92974nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
seclists.org/fulldisclosure/2024/Aug/35nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.020
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000