CVE-2005-4178

{"id": "CVE-2005-4178", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-12T21:03:00.000", "references": [{"url": "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html", "tags": ["Patch", "Vendor Advisory"], "source": "security@debian.org"}, {"url": "http://matt.ucc.asn.au/dropbear/dropbear.html", "tags": ["Patch", "Vendor Advisory"], "source": "security@debian.org"}, {"url": "http://secunia.com/advisories/18108", "tags": ["Third Party Advisory"], "source": "security@debian.org"}, {"url": "http://secunia.com/advisories/18109", "tags": ["Third Party Advisory"], "source": "security@debian.org"}, {"url": "http://secunia.com/advisories/18142", "tags": ["Third Party Advisory"], "source": "security@debian.org"}, {"url": "http://www.debian.org/security/2005/dsa-923", "tags": ["Third Party Advisory"], "source": "security@debian.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml", "tags": ["Third Party Advisory"], "source": "security@debian.org"}, {"url": "http://www.securityfocus.com/bid/15923/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@debian.org"}, {"url": "http://www.vupen.com/english/advisories/2005/2962", "tags": ["Third Party Advisory"], "source": "security@debian.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations."}], "lastModified": "2018-10-30T16:28:03.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42FAEFDB-C7B0-40F2-B09F-5F4FE1605C17", "versionEndExcluding": "0.47"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3"}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"}], "operator": "OR"}]}], "sourceIdentifier": "security@debian.org"}