scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"237605168131558559297836982470952548709",
"9918060269501218287803774112349406154",
"254210735453032564243385078505601071235",
"223618394384082972896881724008970952628"
]
},
"target": {
"file": "scp.c"
},
"id": "CVE-2020-36254-6b4e4aee",
"signature_version": "v1",
"source": "https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"function_hash": "298365816134113397236732700876039872175",
"length": 6041.0
},
"target": {
"function": "sink",
"file": "scp.c"
},
"id": "CVE-2020-36254-b4c99c49",
"signature_version": "v1",
"source": "https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff",
"signature_type": "Function",
"deprecated": false
}
]