VYPR

Net::Dropbear

by Net::Dropbear

CVEs (8)

  • CVE-2025-15638 | Critical | Apr 21, 2026
    risk 0.65 | cvss 10.0 | epss 0.01

    Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected by CVE-2016-6129 and…

  • CVE-2020-36254 | High | Feb 25, 2021
    risk 0.46 | cvss 8.1 | epss 0.02

    scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.

  • CVE-2025-40913 | Medium | Jul 16, 2025
    risk 0.35 | cvss 6.5 | epss 0.00

    Net::Dropbear versions through 0.16 for Perl contain a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.

  • CVE-2019-12953 | Medium | Dec 30, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.

  • CVE-2018-15599 | Medium | Aug 21, 2018
    risk 0.35 | cvss 5.3 | epss 0.03

    The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.

  • CVE-2025-14282 | Medium | Feb 12, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like…

  • CVE-2021-36369 | High | Oct 12, 2022
    risk 0.00 | cvss 7.5 | epss 0.01

    An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security…

  • CVE-2007-1099 | Feb 26, 2007
    risk 0.00 | cvss | epss 0.02

    dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.