CVE-2020-1730

5.3MEDIUM

Key Information:

Vendor
Red Hat
Status
Libssh
Vendor
CVE Published:
13 April 2020

Summary

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Affected Version(s)

libssh libssh versions before 0.8.9

libssh libssh versions before 0.9.4

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://usn.ubuntu.com/4327-1/
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.