CVE-2013-4421

Published: 25 October 2013

The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.

Priority

Medium

Status

Package: dropbear (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (2013.59)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (2013.59)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [2013.59])

Patches:
Other: https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f