Candidate: CVE-2020-36254
PublicDate: 2021-02-25 09:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36254
 https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
Description:
 scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty
 filename, a related issue to CVE-2018-20685.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]


Patches_dropbear:
upstream_dropbear: released (2020.79-1)
precise/esm_dropbear: DNE
trusty_dropbear: ignored (out of standard support)
trusty/esm_dropbear: DNE
xenial_dropbear: ignored (end of standard support, was needs-triage)
bionic_dropbear: needs-triage
focal_dropbear: needs-triage
groovy_dropbear: not-affected (2020.80-1)
hirsute_dropbear: not-affected
impish_dropbear: not-affected
jammy_dropbear: not-affected
devel_dropbear: not-affected