CVE-2017-9078

High

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP…

mitre·CWE-415·Published 2017-05-19

CVSS

8.8

EPSS

0.05

KEV

No

Exploits

0

Vendor statements (1)

debian.org

cve.orgen

180 chars

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

NVDen

180 chars

The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

NVDes

239 chars

El servidor en Dropbear anteriores a 2017.75 podría permitir la post-autenticación de ejecución de código remoto con privilegios de root debido a una doble liberación en la limpieza de los TCP listeners cuando la opción -a está habilitada.

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	8.5	6.8	10.0	AV:N/AC:M/Au:S/C:C/I:C/A:C
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H