I don't think a CVE-2026-3706 should have been assigned for this bug,
there is no need for a security update release.
An exploit against the SSH implementation _hasn't_ been disclosed.
Rather there is sample code against the internal API.
It might be applicable if Dropbear were a general purpose cryptography
library, but it isn't.
Matt
On 2026-03-15 11:07 pm, Salvatore Bonaccorso wrote:
Source: dropbear
Version: 2025.89-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/mkj/dropbear/issues/406
X-Debbugs-Cc: [email protected], Debian Security Team
<[email protected]>
Hi,
The following vulnerability was published for dropbear.
CVE-2026-3706[0]:
| A vulnerability was determined in mkj Dropbear up to 2025.89.
| Impacted is the function unpackneg of the file src/curve25519.c of
| the component S Range Check. This manipulation causes improper
| verification of cryptographic signature. The attack can be initiated
| remotely. The attack is considered to have high complexity. The
| exploitability is considered difficult. The exploit has been
| publicly disclosed and may be utilized. Patch name:
| fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is
| recommended to deploy a patch.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-3706
https://www.cve.org/CVERecord?id=CVE-2026-3706
[1] https://github.com/mkj/dropbear/issues/406
[2] https://github.com/mkj/dropbear/pull/407
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
