1. CVE-Search
  2. CVE-2020-36254
ID CVE-2020-36254
Summary scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
References
Vulnerable Configurations
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.43:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test1:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test1:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test2:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test2:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test3:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test3:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test4:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.44:test4:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.45:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.46:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.47:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48.1:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.48.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.49:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.50:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.51:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53.1:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:0.53.1:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2011.54:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.54:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.54:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.55:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2012.55:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.56:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.56:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.57:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.57:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.58:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.58:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.59:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.59:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.60:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.60:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.61:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.61:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.61:test:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.61:test:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.62:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2013.62:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.63:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.63:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.64:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.64:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.65:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.65:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.66:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2014.66:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.67:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.67:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.68:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.68:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.69:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.69:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.70:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.70:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.71:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2015.71:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.72:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.72:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.73:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.73:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.74:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2016.74:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2017.75:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2017.75:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2018.76:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2018.76:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2019.77:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2019.77:*:*:*:*:*:*:*
  • cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2019.78:*:*:*:*:*:*:*
    cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:2019.78:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 17-09-2021 - 15:34)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
Last major update 17-09-2021 - 15:34
Published 25-02-2021 - 09:15
Last modified 17-09-2021 - 15:34
Back to Top