CVE-2020-14145

Опубликовано: 29 июн. 2020

Источник: ubuntu

Приоритет: low

CVSS2: 4.3

CVSS3: 5.9

Описание

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was deferred
devel	not-affected	see notes
eoan	ignored	end of life
esm-infra-legacy/trusty	not-affected	see notes
esm-infra/bionic	not-affected	see notes
esm-infra/focal	not-affected	see notes
esm-infra/xenial	not-affected	see notes
fips-updates/bionic	not-affected	see notes
fips-updates/focal	not-affected	see notes
fips-updates/xenial	not-affected	see notes

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was deferred
devel	not-affected	see notes
eoan	ignored	end of life
esm-apps/bionic	not-affected	see notes
esm-apps/focal	not-affected	see notes
esm-apps/jammy	not-affected	see notes
esm-infra-legacy/trusty	DNE
focal	ignored	end of standard support, was ignored [see notes]
groovy	ignored	end of life
hirsute	ignored	end of life

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2020-14145

CVSS3: 5.9

redhat

больше 5 лет назад

CVE-2020-14145

CVSS3: 5.9

nvd

больше 5 лет назад

CVE-2020-14145

CVSS3: 5.9

msrc

больше 5 лет назад

Описание отсутствует

CVE-2020-14145

CVSS3: 5.9

debian

больше 5 лет назад

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ...

openSUSE-SU-2020:2298-1

suse-cvrf

около 5 лет назад

Security update for openssh

4.3 Medium

CVSS2

5.9 Medium

CVSS3

CVE-2020-14145

Описание

Пакет openssh

Пакет openssh-ssh1

Ссылки на источники

Связанные уязвимости