VYPR

Dropbear

by Mkj

CVEs (4)

  • CVE-2025-14282 | Med | Feb 12, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like…

  • CVE-2026-3706 | Low | Mar 8, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The…

  • CVE-2025-47203 | Med | May 7, 2025
    risk 0.22 | cvss 4.5 | epss 0.01

    dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.

  • CVE-2017-2659 | Mar 20, 2019
    risk 0.00 | cvss | epss 0.02

    It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.