{"id":"CVE-2020-36254","details":"scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.","modified":"2026-04-11T13:53:13.574656Z","published":"2021-02-25T09:15:13.037Z","references":[{"type":"FIX","url":"https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mkj/dropbear","events":[{"introduced":"0"},{"fixed":"1e10af850ba6e0c3a9af1382ed0f33981d2754ec"},{"fixed":"8f8a3dff705fad774a10864a2e3dbcfa9779ceff"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2020.79"}]}}],"versions":["DROPBEAR_0.48","DROPBEAR_0.49","DROPBEAR_0.50","DROPBEAR_0.51","DROPBEAR_0.53","DROPBEAR_0.53.1","DROPBEAR_2011.54","DROPBEAR_2012.55","DROPBEAR_2013.56","DROPBEAR_2013.57","DROPBEAR_2013.58","DROPBEAR_2013.59","DROPBEAR_2013.60","DROPBEAR_2013.61test","DROPBEAR_2013.62","DROPBEAR_2014.63","DROPBEAR_2014.64","DROPBEAR_2014.65","DROPBEAR_2014.66","DROPBEAR_2015.67","DROPBEAR_2015.68","DROPBEAR_2015.69","DROPBEAR_2015.70","DROPBEAR_2015.71","DROPBEAR_2016.73","DROPBEAR_2016.74","DROPBEAR_2017.75","DROPBEAR_2018.76","DROPBEAR_2019.77","DROPBEAR_2019.78","libtomcrypt-1.05"],"database_specific":{"vanir_signatures_modified":"2026-04-11T13:53:13Z","vanir_signatures":[{"deprecated":false,"target":{"file":"scp.c"},"source":"https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff","digest":{"line_hashes":["237605168131558559297836982470952548709","9918060269501218287803774112349406154","254210735453032564243385078505601071235","223618394384082972896881724008970952628"],"threshold":0.9},"signature_type":"Line","id":"CVE-2020-36254-6b4e4aee","signature_version":"v1"},{"deprecated":false,"target":{"file":"scp.c","function":"sink"},"source":"https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff","digest":{"function_hash":"298365816134113397236732700876039872175","length":6041},"signature_type":"Function","id":"CVE-2020-36254-b4c99c49","signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36254.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}