Denial of Service Vulnerability in libssh by Libssh.org
CVE-2013-0176

Currently unrated

Key Information:

Vendor: Libssh
Status: Libssh
Vendor: CVE Published:; 5 February 2013

What is CVE-2013-0176?

The publickey_from_privatekey function in libssh, prior to version 0.5.4, contains a flaw where missed algorithm matching during negotiation could allow remote attackers to trigger a denial of service condition. This is achieved through sending a specific packet, 'Client: Diffie-Hellman Key Exchange Init', leading to a NULL pointer dereference and subsequent crash of the service. Proper validation of negotiation algorithms is crucial for maintaining service availability.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

https://exchange.xforce.ibmcloud.com/vulnerabilities/81595

vdb-entryx_refsource_XF

http://secunia.com/advisories/51982

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 5, 2013
Vulnerability Reserved
Dec 6, 2012

JSON