Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-1730

Опубликовано: 13 апр. 2020
Источник: debian

Описание

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libsshfixed0.9.4-1package
libsshfixed0.8.7-1+deb10u1busterpackage
libsshnot-affectedstretchpackage
libsshnot-affectedjessiepackage

Примечания

  • https://www.libssh.org/security/advisories/CVE-2020-1730.txt

  • https://bugs.libssh.org/T213

  • Introduced by: https://git.libssh.org/projects/libssh.git/commit/?id=84a85803b4c83b8dac03b0d0aba58b48c98253e6 (libssh-0.8.0)

  • Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b36272eac1b36982598c10de7af0a501582de07a

Связанные уязвимости

ubuntu логотип

CVE-2020-1730

CVSS3: 5.3
ubuntu
почти 6 лет назад

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

redhat логотип

CVE-2020-1730

CVSS3: 5.3
redhat
почти 6 лет назад

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

nvd логотип

CVE-2020-1730

CVSS3: 5.3
nvd
почти 6 лет назад

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

suse-cvrf логотип

openSUSE-SU-2020:0510-1

suse-cvrf
почти 6 лет назад

Security update for libssh

suse-cvrf логотип

SUSE-SU-2020:0968-1

suse-cvrf
почти 6 лет назад

Security update for libssh