Security Advisories (3)
CVE-2025-40913 (2025-07-16)

Net::Dropbear versions through 0.16 for Perl contain a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.

CVE-2020-36254 (2021-02-25)

scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.

CVE-2019-17362 (2019-10-09)

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.

NAME

Net::Dropbear::XS::SessionAccept - Manage how a command session should be handled by Dropbear.

DESCRIPTION

This type of object is created and passed during the on_chansess_command hook. See Net::Dropbear::SSHd for details. There is no new method for this object; it is only created based on the struct from Dropbear.

ATTRIBUTES

All of these attributes are set to defaults. If HOOK_COMPLETE is returned, they should be filled in with enough information to allow Dropbear to clean up afterwards. This means it will close file handles and send exit signals to child processes.

channel_index

The index of the channel being opened. This is Read-Only.

Default: The current channel index

cmd

The command that will be run. This can be changed to a new command and Dropbear will run the new command instead.

Default: The requested command

pid

The pid of the child process.

Default: 0 (no child process)

iscmd

A boolean indicating that the request was for a command to be run.

Default: From the request

issubsys

A boolean indicating that this command was requesting a subsystem (SCP, SFTP, etc).

Default: From the request

writefd

The file descriptor number that this channel will write to. On a command, this would be STDOUT.

Default: -1 (file closed)

readfd

The file descriptor number that this channel will read from. On a command, this would be STDIN.

Default: -1 (file closed)

errfd

The file descriptor number that this channel will write error messages to. On a command, this would be STDERR.

Default: -1 (file closed)
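
The following is an added example, not code from Net::Dropbear itself: an on_chansess_command hook body that uses cmd, iscmd and issubsys to enforce an exact-match command allowlist and rewrite the request to a fixed command. Assumptions: attributes are read and set through same-named accessor methods, HOOK_CONTINUE and HOOK_FAILURE exist alongside HOOK_COMPLETE, and the hook is registered through the hooks option of Net::Dropbear::SSHd; Local::FakeSession, %ALLOWED, restrict_command and the constant values are constructed stand-ins so the policy can be exercised without a running server.

```perl
use strict;
use warnings;

# Placeholder values; a real server would import these from Net::Dropbear::XS (assumed).
use constant { HOOK_CONTINUE => 'continue', HOOK_FAILURE => 'failure' };

# Constructed stand-in for Net::Dropbear::XS::SessionAccept (accessor style assumed).
package Local::FakeSession;
sub new { my ($class, %attr) = @_; return bless {%attr}, $class }
for my $attr (qw(cmd iscmd issubsys)) {
    no strict 'refs';
    *{"Local::FakeSession::$attr"} = sub {
        my $self = shift;
        $self->{$attr} = shift if @_;
        return $self->{$attr};
    };
}

package main;

# Hypothetical policy: requested name => command line that is actually run.
my %ALLOWED = (
    'uptime'    => '/usr/bin/uptime',
    'disk-free' => '/bin/df -h /srv',
);

sub restrict_command {
    my ($sess) = @_;

    # Only explicit command requests pass; subsystems and shells are refused.
    return HOOK_FAILURE if $sess->issubsys || !$sess->iscmd;

    # Exact-match lookup: no prefix or regex matching, so trailing shell
    # metacharacters in the request can never reach the executed command.
    my $target = $ALLOWED{ $sess->cmd // '' };
    return HOOK_FAILURE unless defined $target;

    $sess->cmd($target);      # Dropbear runs the rewritten command instead
    return HOOK_CONTINUE;     # Dropbear spawns the child and tracks pid and fds
}

# Constructed requests exercising the policy.
for my $req ('uptime', 'uptime; id', 'disk-free', 'sh') {
    my $s  = Local::FakeSession->new(cmd => $req, iscmd => 1, issubsys => 0);
    my $rc = restrict_command($s);
    printf "%-14s => %-8s cmd=%s\n", "'$req'", $rc, $s->cmd;
}
```

Because the hook returns HOOK_CONTINUE rather than HOOK_COMPLETE, it does not need to populate pid, writefd, readfd or errfd itself.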