CVE 2016-7406
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
See the
CVE page on Mitre.org
for more details.