Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cpan

Net-Dropbear

cpan

Use Dropbear SSH inside of perl

View on github.com · View on metacpan.org

Security Advisories for Net-Dropbear in cpan

about 1 month ago

Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which is affected ... CPANSA-Net-Dropbear-2025-15638

cpan Net-Dropbear
11 months ago

Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328. CPANSA-Net-Dropbear-2025-40913

cpan Net-Dropbear
High
over 5 years ago

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. CPANSA-Net-Dropbear-2020-36254-dropbear

cpan Net-Dropbear
Moderate
over 5 years ago

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. CPANSA-Net-Dropbear-2019-12953-dropbear

cpan Net-Dropbear
Critical
over 6 years ago

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and cras... CPANSA-Net-Dropbear-2019-17362

cpan Net-Dropbear
Critical
over 6 years ago

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and cras... CPANSA-Net-Dropbear-2019-17362-libtomcrypt

cpan Net-Dropbear
High
over 9 years ago

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures... CPANSA-Net-Dropbear-2016-6129-libtomcrypt

cpan Net-Dropbear

Filter by Severity

High 2 Critical 2 Moderate 1