Merge pull request #1714 from RedHatProductSecurity/CVE-2017-2659

CVE-2017-2659
2025-08-04 08:44:25 +00:00 · 2019-03-20 16:46:44 -04:00 · 2019-03-20 16:46:44 -04:00 · cca755402c
commit cca755402c
parent 3671e84f94 e0c7656115
1 changed files with 64 additions and 8 deletions
--- a/2017/2xxx/CVE-2017-2659.json
+++ b/2017/2xxx/CVE-2017-2659.json
@ -1,18 +1,74 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2017-2659",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2017-2659",
+        "ASSIGNER": "lpardo@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "[UNKNOWN]",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "dropbear",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "fixed in 2013.59"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-209"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659",
+                "refsource": "CONFIRM"
+            },
+            {
+                "url": "https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86"
+            }
+        ]
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}