2020-10-15 20:34:23 +02:00
"""
The MIT License ( MIT )
Copyright ( C ) 2017 - 2020 Joe Testa ( jtesta @positronsecurity.com )
Copyright ( C ) 2017 Andris Raugulis ( moo @arthepsy.eu )
Permission is hereby granted , free of charge , to any person obtaining a copy
of this software and associated documentation files ( the " Software " ) , to deal
in the Software without restriction , including without limitation the rights
to use , copy , modify , merge , publish , distribute , sublicense , and / or sell
copies of the Software , and to permit persons to whom the Software is
furnished to do so , subject to the following conditions :
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software .
THE SOFTWARE IS PROVIDED " AS IS " , WITHOUT WARRANTY OF ANY KIND , EXPRESS OR
IMPLIED , INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY ,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT . IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM , DAMAGES OR OTHER
LIABILITY , WHETHER IN AN ACTION OF CONTRACT , TORT OR OTHERWISE , ARISING FROM ,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE .
"""
# pylint: disable=unused-import
from typing import Dict , List , Set , Sequence , Tuple , Iterable # noqa: F401
from typing import Callable , Optional , Union , Any # noqa: F401
class VersionVulnerabilityDB : # pylint: disable=too-few-public-methods
# Format: [starting_vuln_version, last_vuln_version, affected, CVE_ID, CVSSv2, description]
# affected: 1 = server, 2 = client, 4 = local
# Example: if it affects servers, both remote & local, then affected
# = 1. If it affects servers, but is a local issue only,
# then affected = 1 + 4 = 5.
2021-01-21 16:20:48 +01:00
CVE : Dict [ str , List [ List [ Any ] ] ] = {
2020-10-15 20:34:23 +02:00
' Dropbear SSH ' : [
2022-10-27 16:10:17 +02:00
[ ' 0.0 ' , ' 2020.81 ' , 2 , ' CVE-2021-36369 ' , 7.5 , ' trivial authentication attack to bypass FIDO tokens and SSH-ASKPASS ' ] ,
2020-10-15 20:34:23 +02:00
[ ' 0.0 ' , ' 2018.76 ' , 1 , ' CVE-2018-15599 ' , 5.0 , ' remote users may enumerate users on the system ' ] ,
[ ' 0.0 ' , ' 2017.74 ' , 5 , ' CVE-2017-9079 ' , 4.7 , ' local users can read certain files as root ' ] ,
[ ' 0.0 ' , ' 2017.74 ' , 5 , ' CVE-2017-9078 ' , 9.3 , ' local users may elevate privileges to root under certain conditions ' ] ,
[ ' 0.0 ' , ' 2016.73 ' , 5 , ' CVE-2016-7409 ' , 2.1 , ' local users can read process memory under limited conditions ' ] ,
[ ' 0.0 ' , ' 2016.73 ' , 1 , ' CVE-2016-7408 ' , 6.5 , ' remote users can execute arbitrary code ' ] ,
[ ' 0.0 ' , ' 2016.73 ' , 5 , ' CVE-2016-7407 ' , 10.0 , ' local users can execute arbitrary code ' ] ,
[ ' 0.0 ' , ' 2016.73 ' , 1 , ' CVE-2016-7406 ' , 10.0 , ' remote users can execute arbitrary code ' ] ,
[ ' 0.44 ' , ' 2015.71 ' , 1 , ' CVE-2016-3116 ' , 5.5 , ' bypass command restrictions via xauth command injection ' ] ,
[ ' 0.28 ' , ' 2013.58 ' , 1 , ' CVE-2013-4434 ' , 5.0 , ' discover valid usernames through different time delays ' ] ,
[ ' 0.28 ' , ' 2013.58 ' , 1 , ' CVE-2013-4421 ' , 5.0 , ' cause DoS via a compressed packet (memory consumption) ' ] ,
[ ' 0.52 ' , ' 2011.54 ' , 1 , ' CVE-2012-0920 ' , 7.1 , ' execute arbitrary code or bypass command restrictions ' ] ,
[ ' 0.40 ' , ' 0.48.1 ' , 1 , ' CVE-2007-1099 ' , 7.5 , ' conduct a MitM attack (no warning for hostkey mismatch) ' ] ,
[ ' 0.28 ' , ' 0.47 ' , 1 , ' CVE-2006-1206 ' , 7.5 , ' cause DoS via large number of connections (slot exhaustion) ' ] ,
[ ' 0.39 ' , ' 0.47 ' , 1 , ' CVE-2006-0225 ' , 4.6 , ' execute arbitrary commands via scp with crafted filenames ' ] ,
[ ' 0.28 ' , ' 0.46 ' , 1 , ' CVE-2005-4178 ' , 6.5 , ' execute arbitrary code via buffer overflow vulnerability ' ] ,
[ ' 0.28 ' , ' 0.42 ' , 1 , ' CVE-2004-2486 ' , 7.5 , ' execute arbitrary code via DSS verification code ' ] ] ,
' libssh ' : [
[ ' 0.6.4 ' , ' 0.6.4 ' , 1 , ' CVE-2018-10933 ' , 6.4 , ' authentication bypass ' ] ,
[ ' 0.7.0 ' , ' 0.7.5 ' , 1 , ' CVE-2018-10933 ' , 6.4 , ' authentication bypass ' ] ,
[ ' 0.8.0 ' , ' 0.8.3 ' , 1 , ' CVE-2018-10933 ' , 6.4 , ' authentication bypass ' ] ,
[ ' 0.1 ' , ' 0.7.2 ' , 1 , ' CVE-2016-0739 ' , 4.3 , ' conduct a MitM attack (weakness in DH key generation) ' ] ,
[ ' 0.5.1 ' , ' 0.6.4 ' , 1 , ' CVE-2015-3146 ' , 5.0 , ' cause DoS via kex packets (null pointer dereference) ' ] ,
[ ' 0.5.1 ' , ' 0.6.3 ' , 1 , ' CVE-2014-8132 ' , 5.0 , ' cause DoS via kex init packet (dangling pointer) ' ] ,
[ ' 0.4.7 ' , ' 0.6.2 ' , 1 , ' CVE-2014-0017 ' , 1.9 , ' leak data via PRNG state reuse on forking servers ' ] ,
[ ' 0.4.7 ' , ' 0.5.3 ' , 1 , ' CVE-2013-0176 ' , 4.3 , ' cause DoS via kex packet (null pointer dereference) ' ] ,
[ ' 0.4.7 ' , ' 0.5.2 ' , 1 , ' CVE-2012-6063 ' , 7.5 , ' cause DoS or execute arbitrary code via sftp (double free) ' ] ,
[ ' 0.4.7 ' , ' 0.5.2 ' , 1 , ' CVE-2012-4562 ' , 7.5 , ' cause DoS or execute arbitrary code (overflow check) ' ] ,
[ ' 0.4.7 ' , ' 0.5.2 ' , 1 , ' CVE-2012-4561 ' , 5.0 , ' cause DoS via unspecified vectors (invalid pointer) ' ] ,
[ ' 0.4.7 ' , ' 0.5.2 ' , 1 , ' CVE-2012-4560 ' , 7.5 , ' cause DoS or execute arbitrary code (buffer overflow) ' ] ,
[ ' 0.4.7 ' , ' 0.5.2 ' , 1 , ' CVE-2012-4559 ' , 6.8 , ' cause DoS or execute arbitrary code (double free) ' ] ] ,
' OpenSSH ' : [
2022-02-22 03:41:44 +01:00
[ ' 6.2 ' , ' 8.7 ' , 5 , ' CVE-2021-41617 ' , 7.0 , ' privilege escalation via supplemental groups ' ] ,
2022-10-27 16:10:17 +02:00
[ ' 1.0 ' , ' 8.8 ' , 2 , ' CVE-2021-36368 ' , 3.7 , ' trivial authentication attack to bypass FIDO tokens and SSH-ASKPASS ' ] ,
2022-02-22 03:41:44 +01:00
[ ' 8.2 ' , ' 8.4 ' , 2 , ' CVE-2021-28041 ' , 7.1 , ' double free via ssh-agent ' ] ,
[ ' 1.0 ' , ' 8.3 ' , 5 , ' CVE-2020-15778 ' , 7.8 , ' command injection via anomalous argument transfers ' ] ,
[ ' 5.7 ' , ' 8.3 ' , 2 , ' CVE-2020-14145 ' , 5.9 , ' information leak via algorithm negotiation ' ] ,
[ ' 8.2 ' , ' 8.2 ' , 2 , ' CVE-2020-12062 ' , 7.5 , ' arbitrary files overwrite via scp ' ] ,
[ ' 7.7 ' , ' 8.0 ' , 7 , ' CVE-2019-16905 ' , 7.8 , ' memory corruption and local code execution via pre-authentication integer overflow ' ] ,
[ ' 1.0 ' , ' 7.9 ' , 2 , ' CVE-2019-6111 ' , 5.9 , ' arbitrary files overwrite via scp ' ] ,
[ ' 1.0 ' , ' 7.9 ' , 2 , ' CVE-2019-6110 ' , 6.8 , ' output manipulation ' ] ,
[ ' 1.0 ' , ' 7.9 ' , 2 , ' CVE-2019-6109 ' , 6.8 , ' output manipulation ' ] ,
[ ' 1.0 ' , ' 7.9 ' , 2 , ' CVE-2018-20685 ' , 5.3 , ' directory permissions modification via scp ' ] ,
2022-02-22 03:51:35 +01:00
[ ' 5.9 ' , ' 7.8 ' , 1 , ' CVE-2018-15919 ' , 5.3 , ' username enumeration via GS2 ' ] ,
2022-02-22 03:41:44 +01:00
[ ' 1.0 ' , ' 7.7 ' , 1 , ' CVE-2018-15473 ' , 5.3 , ' enumerate usernames due to timing discrepancies ' ] ,
[ ' 1.2 ' , ' 6.292 ' , 1 , ' CVE-2017-15906 ' , 5.3 , ' readonly bypass via sftp ' ] ,
[ ' 1.0 ' , ' 8.7 ' , 1 , ' CVE-2016-20012 ' , 5.3 , ' enumerate usernames via challenge response ' ] ,
2020-10-15 20:34:23 +02:00
[ ' 7.2 ' , ' 7.2p2 ' , 1 , ' CVE-2016-6515 ' , 7.8 , ' cause DoS via long password string (crypt CPU consumption) ' ] ,
[ ' 1.2.2 ' , ' 7.2 ' , 1 , ' CVE-2016-3115 ' , 5.5 , ' bypass command restrictions via crafted X11 forwarding data ' ] ,
[ ' 5.4 ' , ' 7.1 ' , 1 , ' CVE-2016-1907 ' , 5.0 , ' cause DoS via crafted network traffic (out of bounds read) ' ] ,
[ ' 5.4 ' , ' 7.1p1 ' , 2 , ' CVE-2016-0778 ' , 4.6 , ' cause DoS via requesting many forwardings (heap based buffer overflow) ' ] ,
[ ' 5.0 ' , ' 7.1p1 ' , 2 , ' CVE-2016-0777 ' , 4.0 , ' leak data via allowing transfer of entire buffer ' ] ,
[ ' 6.0 ' , ' 7.2p2 ' , 5 , ' CVE-2015-8325 ' , 7.2 , ' privilege escalation via triggering crafted environment ' ] ,
[ ' 6.8 ' , ' 6.9 ' , 5 , ' CVE-2015-6565 ' , 7.2 , ' cause DoS via writing to a device (terminal disruption) ' ] ,
[ ' 5.0 ' , ' 6.9 ' , 5 , ' CVE-2015-6564 ' , 6.9 , ' privilege escalation via leveraging sshd uid ' ] ,
[ ' 5.0 ' , ' 6.9 ' , 5 , ' CVE-2015-6563 ' , 1.9 , ' conduct impersonation attack ' ] ,
[ ' 6.9p1 ' , ' 6.9p1 ' , 1 , ' CVE-2015-5600 ' , 8.5 , ' cause Dos or aid in conduct brute force attack (CPU consumption) ' ] ,
[ ' 6.0 ' , ' 6.6 ' , 1 , ' CVE-2015-5352 ' , 4.3 , ' bypass access restrictions via a specific connection ' ] ,
[ ' 6.0 ' , ' 6.6 ' , 2 , ' CVE-2014-2653 ' , 5.8 , ' bypass SSHFP DNS RR check via unacceptable host certificate ' ] ,
[ ' 5.0 ' , ' 6.5 ' , 1 , ' CVE-2014-2532 ' , 5.8 , ' bypass environment restrictions via specific string before wildcard ' ] ,
[ ' 1.2 ' , ' 6.4 ' , 1 , ' CVE-2014-1692 ' , 7.5 , ' cause DoS via triggering error condition (memory corruption) ' ] ,
[ ' 6.2 ' , ' 6.3 ' , 1 , ' CVE-2013-4548 ' , 6.0 , ' bypass command restrictions via crafted packet data ' ] ,
[ ' 1.2 ' , ' 5.6 ' , 1 , ' CVE-2012-0814 ' , 3.5 , ' leak data via debug messages ' ] ,
[ ' 1.2 ' , ' 5.8 ' , 1 , ' CVE-2011-5000 ' , 3.5 , ' cause DoS via large value in certain length field (memory consumption) ' ] ,
[ ' 5.6 ' , ' 5.7 ' , 2 , ' CVE-2011-0539 ' , 5.0 , ' leak data or conduct hash collision attack ' ] ,
[ ' 1.2 ' , ' 6.1 ' , 1 , ' CVE-2010-5107 ' , 5.0 , ' cause DoS via large number of connections (slot exhaustion) ' ] ,
[ ' 1.2 ' , ' 5.8 ' , 1 , ' CVE-2010-4755 ' , 4.0 , ' cause DoS via crafted glob expression (CPU and memory consumption) ' ] ,
[ ' 1.2 ' , ' 5.6 ' , 1 , ' CVE-2010-4478 ' , 7.5 , ' bypass authentication check via crafted values ' ] ,
[ ' 4.3 ' , ' 4.8 ' , 1 , ' CVE-2009-2904 ' , 6.9 , ' privilege escalation via hard links to setuid programs ' ] ,
[ ' 4.0 ' , ' 5.1 ' , 1 , ' CVE-2008-5161 ' , 2.6 , ' recover plaintext data from ciphertext ' ] ,
[ ' 1.2 ' , ' 4.6 ' , 1 , ' CVE-2008-4109 ' , 5.0 , ' cause DoS via multiple login attempts (slot exhaustion) ' ] ,
[ ' 1.2 ' , ' 4.8 ' , 1 , ' CVE-2008-1657 ' , 6.5 , ' bypass command restrictions via modifying session file ' ] ,
[ ' 1.2.2 ' , ' 4.9 ' , 1 , ' CVE-2008-1483 ' , 6.9 , ' hijack forwarded X11 connections ' ] ,
[ ' 4.0 ' , ' 4.6 ' , 1 , ' CVE-2007-4752 ' , 7.5 , ' privilege escalation via causing an X client to be trusted ' ] ,
[ ' 4.3p2 ' , ' 4.3p2 ' , 1 , ' CVE-2007-3102 ' , 4.3 , ' allow attacker to write random data to audit log ' ] ,
[ ' 1.2 ' , ' 4.6 ' , 1 , ' CVE-2007-2243 ' , 5.0 , ' discover valid usernames through different responses ' ] ,
[ ' 4.4 ' , ' 4.4 ' , 1 , ' CVE-2006-5794 ' , 7.5 , ' bypass authentication ' ] ,
[ ' 4.1 ' , ' 4.1p1 ' , 1 , ' CVE-2006-5229 ' , 2.6 , ' discover valid usernames through different time delays ' ] ,
[ ' 1.2 ' , ' 4.3p2 ' , 1 , ' CVE-2006-5052 ' , 5.0 , ' discover valid usernames through different responses ' ] ,
[ ' 1.2 ' , ' 4.3p2 ' , 1 , ' CVE-2006-5051 ' , 9.3 , ' cause DoS or execute arbitrary code (double free) ' ] ,
[ ' 4.5 ' , ' 4.5 ' , 1 , ' CVE-2006-4925 ' , 5.0 , ' cause DoS via invalid protocol sequence (crash) ' ] ,
[ ' 1.2 ' , ' 4.3p2 ' , 1 , ' CVE-2006-4924 ' , 7.8 , ' cause DoS via crafted packet (CPU consumption) ' ] ,
[ ' 3.8.1p1 ' , ' 3.8.1p1 ' , 1 , ' CVE-2006-0883 ' , 5.0 , ' cause DoS via connecting multiple times (client connection refusal) ' ] ,
[ ' 3.0 ' , ' 4.2p1 ' , 1 , ' CVE-2006-0225 ' , 4.6 , ' execute arbitrary code ' ] ,
[ ' 2.1 ' , ' 4.1p1 ' , 1 , ' CVE-2005-2798 ' , 5.0 , ' leak data about authentication credentials ' ] ,
[ ' 3.5 ' , ' 3.5p1 ' , 1 , ' CVE-2004-2760 ' , 6.8 , ' leak data through different connection states ' ] ,
[ ' 2.3 ' , ' 3.7.1p2 ' , 1 , ' CVE-2004-2069 ' , 5.0 , ' cause DoS via large number of connections (slot exhaustion) ' ] ,
[ ' 3.0 ' , ' 3.4p1 ' , 1 , ' CVE-2004-0175 ' , 4.3 , ' leak data through directoy traversal ' ] ,
[ ' 1.2 ' , ' 3.9p1 ' , 1 , ' CVE-2003-1562 ' , 7.6 , ' leak data about authentication credentials ' ] ,
[ ' 3.1p1 ' , ' 3.7.1p1 ' , 1 , ' CVE-2003-0787 ' , 7.5 , ' privilege escalation via modifying stack ' ] ,
[ ' 3.1p1 ' , ' 3.7.1p1 ' , 1 , ' CVE-2003-0786 ' , 10.0 , ' privilege escalation via bypassing authentication ' ] ,
[ ' 1.0 ' , ' 3.7.1 ' , 1 , ' CVE-2003-0695 ' , 7.5 , ' cause DoS or execute arbitrary code ' ] ,
[ ' 1.0 ' , ' 3.7 ' , 1 , ' CVE-2003-0693 ' , 10.0 , ' execute arbitrary code ' ] ,
[ ' 3.0 ' , ' 3.6.1p2 ' , 1 , ' CVE-2003-0386 ' , 7.5 , ' bypass address restrictions for connection ' ] ,
[ ' 3.1p1 ' , ' 3.6.1p1 ' , 1 , ' CVE-2003-0190 ' , 5.0 , ' discover valid usernames through different time delays ' ] ,
[ ' 3.2.2 ' , ' 3.2.2 ' , 1 , ' CVE-2002-0765 ' , 7.5 , ' bypass authentication ' ] ,
[ ' 1.2.2 ' , ' 3.3p1 ' , 1 , ' CVE-2002-0640 ' , 10.0 , ' execute arbitrary code ' ] ,
[ ' 1.2.2 ' , ' 3.3p1 ' , 1 , ' CVE-2002-0639 ' , 10.0 , ' execute arbitrary code ' ] ,
[ ' 2.1 ' , ' 3.2 ' , 1 , ' CVE-2002-0575 ' , 7.5 , ' privilege escalation ' ] ,
[ ' 2.1 ' , ' 3.0.2p1 ' , 2 , ' CVE-2002-0083 ' , 10.0 , ' privilege escalation ' ] ,
[ ' 3.0 ' , ' 3.0p1 ' , 1 , ' CVE-2001-1507 ' , 7.5 , ' bypass authentication ' ] ,
[ ' 1.2.3 ' , ' 3.0.1p1 ' , 5 , ' CVE-2001-0872 ' , 7.2 , ' privilege escalation via crafted environment variables ' ] ,
[ ' 1.2.3 ' , ' 2.1.1 ' , 1 , ' CVE-2001-0361 ' , 4.0 , ' recover plaintext from ciphertext ' ] ,
[ ' 1.2 ' , ' 2.1 ' , 1 , ' CVE-2000-0525 ' , 10.0 , ' execute arbitrary code (improper privileges) ' ] ] ,
' PuTTY ' : [
2022-10-27 16:10:17 +02:00
# info for CVE-2021-36367 - only PuTTY up to 0.71 is affected - see https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/reject-trivial-auth.html
[ ' 0.0 ' , ' 0.71 ' , 2 , ' CVE-2021-36367 ' , 8.1 , ' trivial authentication attack to bypass FIDO tokens and SSH-ASKPASS ' ] ,
[ ' 0.0 ' , ' 0.74 ' , 2 , ' CVE-2021-33500 ' , 5.0 , ' denial of service of the complete windows desktop ' ] ,
[ ' 0.68 ' , ' 0.73 ' , 2 , ' CVE-2020-14002 ' , 4.3 , ' Observable Discrepancy which allows man-in-the-middle attackers to target initial connection attempts ' ] ,
2020-10-15 20:34:23 +02:00
[ ' 0.54 ' , ' 0.73 ' , 2 , ' CVE-2020-XXXX ' , 5.0 , ' out of bounds memory read ' ] ,
[ ' 0.0 ' , ' 0.72 ' , 2 , ' CVE-2019-17069 ' , 5.0 , ' potential DOS by remote SSHv1 server ' ] ,
[ ' 0.71 ' , ' 0.72 ' , 2 , ' CVE-2019-17068 ' , 5.0 , ' xterm bracketed paste mode command injection ' ] ,
[ ' 0.52 ' , ' 0.72 ' , 2 , ' CVE-2019-17067 ' , 7.5 , ' port rebinding weakness in port forward tunnel handling ' ] ,
[ ' 0.0 ' , ' 0.71 ' , 2 , ' CVE-2019-XXXX ' , 5.0 , ' undefined vulnerability in obsolete SSHv1 protocol handling ' ] ,
[ ' 0.0 ' , ' 0.71 ' , 6 , ' CVE-2019-XXXX ' , 5.0 , ' local privilege escalation in Pageant ' ] ,
[ ' 0.0 ' , ' 0.70 ' , 2 , ' CVE-2019-9898 ' , 7.5 , ' potential recycling of random numbers ' ] ,
[ ' 0.0 ' , ' 0.70 ' , 2 , ' CVE-2019-9897 ' , 5.0 , ' multiple denial-of-service issues from writing to the terminal ' ] ,
[ ' 0.0 ' , ' 0.70 ' , 6 , ' CVE-2019-9896 ' , 4.6 , ' local application hijacking through malicious Windows help file ' ] ,
[ ' 0.0 ' , ' 0.70 ' , 2 , ' CVE-2019-9894 ' , 6.4 , ' buffer overflow in RSA key exchange ' ] ,
[ ' 0.0 ' , ' 0.69 ' , 6 , ' CVE-2016-6167 ' , 4.4 , ' local application hijacking through untrusted DLL loading ' ] ,
[ ' 0.0 ' , ' 0.67 ' , 2 , ' CVE-2017-6542 ' , 7.5 , ' buffer overflow in UNIX client that can result in privilege escalation or denial-of-service ' ] ,
[ ' 0.0 ' , ' 0.66 ' , 2 , ' CVE-2016-2563 ' , 7.5 , ' buffer overflow in SCP command-line utility ' ] ,
[ ' 0.0 ' , ' 0.65 ' , 2 , ' CVE-2015-5309 ' , 4.3 , ' integer overflow in terminal-handling code ' ] ,
]
2021-01-21 16:20:48 +01:00
}
TXT : Dict [ str , List [ List [ Any ] ] ] = {
2020-10-15 20:34:23 +02:00
' Dropbear SSH ' : [
[ ' 0.28 ' , ' 0.34 ' , 1 , ' remote root exploit ' , ' remote format string buffer overflow exploit (exploit-db#387) ' ] ] ,
' libssh ' : [
[ ' 0.3.3 ' , ' 0.3.3 ' , 1 , ' null pointer check ' , ' missing null pointer check in " crypt_set_algorithms_server " ' ] ,
[ ' 0.3.3 ' , ' 0.3.3 ' , 1 , ' integer overflow ' , ' integer overflow in " buffer_get_data " ' ] ,
[ ' 0.3.3 ' , ' 0.3.3 ' , 3 , ' heap overflow ' , ' heap overflow in " packet_decrypt " ' ] ]
2021-01-21 16:20:48 +01:00
}