CVE-2020-1730

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1730

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1730.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1730

Related

Published

2020-04-13T19:15:11Z

Modified

2024-09-11T04:34:09.174961Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

References

Affected packages

Alpine:v3.10 / libssh

Package

Name: libssh
Purl: pkg:apk/alpine/libssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.9-r0

Affected versions

0.*

0.4.5-r0

0.4.6-r0

0.4.8-r0

0.5.0-r0

0.5.1-r0

0.5.2-r0

0.5.2-r1

0.5.3-r0

0.5.4-r0

0.5.5-r0

0.6.0-r0

0.6.3-r0

0.6.4-r0

0.6.5-r0

0.7.0-r0

0.7.1-r0

0.7.2-r0

0.7.3-r0

0.7.3-r1

0.7.4-r0

0.7.5-r0

0.7.5-r1

0.7.5-r2

0.7.5-r3

0.7.6-r0

0.7.6-r1

0.8.8-r0

Alpine:v3.11 / libssh

Package

Name: libssh
Purl: pkg:apk/alpine/libssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.4-r0

Affected versions

0.*

0.4.5-r0

0.4.6-r0

0.4.8-r0

0.5.0-r0

0.5.1-r0

0.5.2-r0

0.5.2-r1

0.5.3-r0

0.5.4-r0

0.5.5-r0

0.6.0-r0

0.6.3-r0

0.6.4-r0

0.6.5-r0

0.7.0-r0

0.7.1-r0

0.7.2-r0

0.7.3-r0

0.7.3-r1

0.7.4-r0

0.7.5-r0

0.7.5-r1

0.7.5-r2

0.7.5-r3

0.7.6-r0

0.7.6-r1

0.8.7-r0

0.9.0-r0

0.9.2-r0

0.9.3-r0

Alpine:v3.9 / libssh

Package

Name: libssh
Purl: pkg:apk/alpine/libssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.6-r3

Affected versions

0.*

0.4.5-r0

0.4.6-r0

0.4.8-r0

0.5.0-r0

0.5.1-r0

0.5.2-r0

0.5.2-r1

0.5.3-r0

0.5.4-r0

0.5.5-r0

0.6.0-r0

0.6.3-r0

0.6.4-r0

0.6.5-r0

0.7.0-r0

0.7.1-r0

0.7.2-r0

0.7.3-r0

0.7.3-r1

0.7.4-r0

0.7.5-r0

0.7.5-r1

0.7.5-r2

0.7.5-r3

0.7.6-r0

0.7.6-r1

0.7.6-r2

Debian:11 / libssh

Package

Name: libssh
Purl: pkg:deb/debian/libssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libssh

Package

Name: libssh
Purl: pkg:deb/debian/libssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libssh

Package

Name: libssh
Purl: pkg:deb/debian/libssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.com/libssh/libssh-mirror

Affected ranges

Type: GIT
Repo: https://gitlab.com/libssh/libssh-mirror
Events: Introduced

d66ea0b3b100664916cbab965e79a870e31ac7fe

Fixed

04685a74df9ce1db1bc116a83a0da78b4f4fa1f8

Affected versions

libssh-0.*

libssh-0.8.0

libssh-0.8.1

libssh-0.8.2

libssh-0.8.3

libssh-0.8.4

libssh-0.8.5

libssh-0.8.6

libssh-0.8.7

libssh-0.8.8