{"id":"USN-7292-1","summary":"Several security issues were fixed in Dropbear","details":"Manfred Kaiser discovered that Dropbear through 2020.81 does not properly\ncheck the available authentication methods in the client-side SSH code.\nAn attacker could use this vulnerability to gain unauthorized access to\nremote systems. (CVE-2021-36369)\n\nFabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH\ntransport protocol implementation in Dropbear had weak integrity checks.\nAn attacker could use this vulnerability to bypass security features\nlike encryption and integrity checks. (CVE-2023-48795)\n","modified":"2026-04-27T17:18:19.863897Z","published":"2025-02-25T12:33:22Z","related":["UBUNTU-CVE-2021-36369","UBUNTU-CVE-2023-48795"],"upstream":["CVE-2021-36369","CVE-2023-48795","UBUNTU-CVE-2021-36369","UBUNTU-CVE-2023-48795"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7292-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-36369"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-48795"}],"affected":[{"package":{"name":"dropbear","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/dropbear@2017.75-3ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2017.75-3ubuntu0.1~esm1"}]}],"versions":["2017.75-2","2017.75-3build1"],"ecosystem_specific":{"binaries":[{"binary_version":"2017.75-3ubuntu0.1~esm1","binary_name":"dropbear"},{"binary_version":"2017.75-3ubuntu0.1~esm1","binary_name":"dropbear-bin"},{"binary_version":"2017.75-3ubuntu0.1~esm1","binary_name":"dropbear-initramfs"},{"binary_version":"2017.75-3ubuntu0.1~esm1","binary_name":"dropbear-run"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7292-1.json","cves_map":{"cves":[{"id":"CVE-2021-36369","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-48795","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"dropbear","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/dropbear@2019.78-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2019.78-2ubuntu0.1~esm1"}]}],"versions":["2019.78-2build1"],"ecosystem_specific":{"binaries":[{"binary_version":"2019.78-2ubuntu0.1~esm1","binary_name":"dropbear"},{"binary_version":"2019.78-2ubuntu0.1~esm1","binary_name":"dropbear-bin"},{"binary_version":"2019.78-2ubuntu0.1~esm1","binary_name":"dropbear-initramfs"},{"binary_version":"2019.78-2ubuntu0.1~esm1","binary_name":"dropbear-run"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7292-1.json","cves_map":{"cves":[{"id":"CVE-2021-36369","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-48795","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"dropbear","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/dropbear@2020.81-5ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2020.81-5ubuntu0.1"}]}],"versions":["2020.81-3","2020.81-4","2020.81-5"],"ecosystem_specific":{"binaries":[{"binary_version":"2020.81-5ubuntu0.1","binary_name":"dropbear"},{"binary_version":"2020.81-5ubuntu0.1","binary_name":"dropbear-bin"},{"binary_version":"2020.81-5ubuntu0.1","binary_name":"dropbear-initramfs"},{"binary_version":"2020.81-5ubuntu0.1","binary_name":"dropbear-run"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7292-1.json","cves_map":{"cves":[{"id":"CVE-2021-36369","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-48795","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.5"}