VDB
ALPINE-CVE-2018-20685
ALPINE-CVE-2018-20685
PUBLISHED
CVSS 5.300000190734863 MEDIUM
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.9 | dropbear | 0, 2018.76-r2, 2018.76-r1 |
| Alpine:v3.20 | openssh | 5.1_p1-r2, 7.9, 7.9 |
| Alpine:v3.17 | openssh | 7.2_p1-r0, 7.9, 7.9 |
| Alpine:v3.22 | openssh | 7.5, 7.9, 7.9 |
| Alpine:v3.17 | dropbear | 2015.68-r1, 2015.68-r2, 2015.70-r2 |
| Alpine:v3.13 | dropbear | 2013.58-r0, 0, 0.52-r0 |
| Alpine:v3.8 | openssh | 7.5_p1-r5, 7.5_p1-r8, 7.6_p1-r0 |
| Alpine:v3.18 | dropbear | 2013.58-r0, 2014.63-r0, 2014.65-r0 |
| Alpine:v3.10 | dropbear | 2014.63-r0, 2014.65-r0, 2014.66-r0 |
| Alpine:v3.14 | openssh | *, 5.8_p2-r0, 5.8_p1-r2 |
| Alpine:v3.13 | openssh | 7.9, 7.9, 7.9 |
| Alpine:v3.16 | openssh | *, 0, 5.1_p1-r1 |
| Alpine:v3.15 | dropbear | 2015.68-r0, 2014.66-r1, 2014.65-r0 |
| Alpine:v3.23 | dropbear | 2016.74-r1, 0, 0.52-r1 |
| Alpine:v3.9 | openssh | 6.9_p1-r1, 6.9_p1-r0, * |
| Alpine:v3.10 | openssh | *, *, * |
| Alpine:v3.12 | openssh | 7.2_p2-r0, 7.2_p1-r0, 7.1_p2-r0 |
| Alpine:v3.7 | openssh | 7.5_p1-r1, 7.5_p1-r0, 7.4_p1-r2 |
| Alpine:v3.15 | openssh | 7.5_p1-r2, *, * |
| Alpine:v3.16 | dropbear | 2012.55-r0, 0, 0.52-r0 |
…and 13 more
Timeline
- Jan 10, 2019 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch