The DSS verification code in Dropbear SSH Server prior to 0.43 frees uninitialized variables, which might allow remote malicious users to gain access.
dropbear ssh project dropbear ssh