{"api_version":"1","generated_at":"2026-04-22T19:04:50+00:00","cve":"CVE-2005-4178","urls":{"html":"https://cve.report/CVE-2005-4178","api":"https://cve.report/api/cve/CVE-2005-4178.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-4178","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-4178"},"summary":{"title":"CVE-2005-4178","description":"Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.","state":"PUBLISHED","assigner":"debian","published_at":"2005-12-12 21:03:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.5","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html","name":"http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Dropbear 0.47 (and security fix)","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18108","name":"http://secunia.com/advisories/18108","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Secunia - Advisories - Dropbear SSH Server Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2005/2962","name":"http://www.vupen.com/english/advisories/2005/2962","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Webmail | OVH- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml","name":"http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Gentoo Linux Documentation\n--\n  Dropbear: Privilege escalation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://matt.ucc.asn.au/dropbear/dropbear.html","name":"http://matt.ucc.asn.au/dropbear/dropbear.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Dropbear SSH server and client","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18109","name":"http://secunia.com/advisories/18109","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Secunia - Advisories - Debian update for dropbear","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18142","name":"http://secunia.com/advisories/18142","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Gentoo update for dropbear - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2005/dsa-923","name":"http://www.debian.org/security/2005/dsa-923","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-923-1 dropbear","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/15923/","name":"http://www.securityfocus.com/bid/15923/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Dropbear SSH Server Remote Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/15923","name":"BID:15923","refsource":"MITRE","tags":[],"title":"Dropbear SSH Server Remote Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-4178","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-4178","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"4178","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"4178","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"4178","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dropbear_ssh_project","cpe5":"dropbear_ssh","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T23:38:51.292Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"18142","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/18142"},{"name":"15923","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/15923/"},{"name":"[dropbear] 20051211 Dropbear 0.47 (and security fix)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html"},{"name":"18109","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/18109"},{"name":"GLSA-200512-13","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml"},{"name":"DSA-923","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2005/dsa-923"},{"name":"18108","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/18108"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://matt.ucc.asn.au/dropbear/dropbear.html"},{"name":"ADV-2005-2962","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2005/2962"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-12-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2005-12-20T10:00:00.000Z","orgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","shortName":"debian"},"references":[{"name":"18142","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/18142"},{"name":"15923","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/15923/"},{"name":"[dropbear] 20051211 Dropbear 0.47 (and security fix)","tags":["mailing-list","x_refsource_MLIST"],"url":"http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html"},{"name":"18109","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/18109"},{"name":"GLSA-200512-13","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml"},{"name":"DSA-923","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2005/dsa-923"},{"name":"18108","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/18108"},{"tags":["x_refsource_MISC"],"url":"http://matt.ucc.asn.au/dropbear/dropbear.html"},{"name":"ADV-2005-2962","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2005/2962"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@debian.org","ID":"CVE-2005-4178","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"18142","refsource":"SECUNIA","url":"http://secunia.com/advisories/18142"},{"name":"15923","refsource":"BID","url":"http://www.securityfocus.com/bid/15923/"},{"name":"[dropbear] 20051211 Dropbear 0.47 (and security fix)","refsource":"MLIST","url":"http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html"},{"name":"18109","refsource":"SECUNIA","url":"http://secunia.com/advisories/18109"},{"name":"GLSA-200512-13","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml"},{"name":"DSA-923","refsource":"DEBIAN","url":"http://www.debian.org/security/2005/dsa-923"},{"name":"18108","refsource":"SECUNIA","url":"http://secunia.com/advisories/18108"},{"name":"http://matt.ucc.asn.au/dropbear/dropbear.html","refsource":"MISC","url":"http://matt.ucc.asn.au/dropbear/dropbear.html"},{"name":"ADV-2005-2962","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2005/2962"}]}}}},"cveMetadata":{"assignerOrgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","assignerShortName":"debian","cveId":"CVE-2005-4178","datePublished":"2005-12-12T21:00:00.000Z","dateReserved":"2005-12-12T00:00:00.000Z","dateUpdated":"2024-08-07T23:38:51.292Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-12-12 21:03:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":true,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*","versionEndExcluding":"0.47","matchCriteriaId":"42FAEFDB-C7B0-40F2-B09F-5F4FE1605C17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*","matchCriteriaId":"2CAE037F-111C-4A76-8FFE-716B74D65EF3"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*","matchCriteriaId":"A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"4178","Ordinal":"1","Title":"CVE-2005-4178","CVE":"CVE-2005-4178","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"4178","Ordinal":"1","NoteData":"Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.","Type":"Description","Title":"CVE-2005-4178"},{"CveYear":"2005","CveId":"4178","Ordinal":"2","NoteData":"2005-12-12","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"4178","Ordinal":"3","NoteData":"2005-12-20","Type":"Other","Title":"Modified"}]}}}