CVE-2020-1730

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-1730
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1730.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1730
Related
Published
2020-04-13T19:15:11Z
Modified
2024-10-12T06:15:47.699012Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

References

Affected packages

Alpine:v3.10 / libssh

Package

Name
libssh
Purl
pkg:apk/alpine/libssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.9-r0

Affected versions

0.*

0.4.5-r0
0.4.6-r0
0.4.8-r0
0.5.0-r0
0.5.1-r0
0.5.2-r0
0.5.2-r1
0.5.3-r0
0.5.4-r0
0.5.5-r0
0.6.0-r0
0.6.3-r0
0.6.4-r0
0.6.5-r0
0.7.0-r0
0.7.1-r0
0.7.2-r0
0.7.3-r0
0.7.3-r1
0.7.4-r0
0.7.5-r0
0.7.5-r1
0.7.5-r2
0.7.5-r3
0.7.6-r0
0.7.6-r1
0.8.8-r0

Alpine:v3.11 / libssh

Package

Name
libssh
Purl
pkg:apk/alpine/libssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.4-r0

Affected versions

0.*

0.4.5-r0
0.4.6-r0
0.4.8-r0
0.5.0-r0
0.5.1-r0
0.5.2-r0
0.5.2-r1
0.5.3-r0
0.5.4-r0
0.5.5-r0
0.6.0-r0
0.6.3-r0
0.6.4-r0
0.6.5-r0
0.7.0-r0
0.7.1-r0
0.7.2-r0
0.7.3-r0
0.7.3-r1
0.7.4-r0
0.7.5-r0
0.7.5-r1
0.7.5-r2
0.7.5-r3
0.7.6-r0
0.7.6-r1
0.8.7-r0
0.9.0-r0
0.9.2-r0
0.9.3-r0

Alpine:v3.9 / libssh

Package

Name
libssh
Purl
pkg:apk/alpine/libssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.6-r3

Affected versions

0.*

0.4.5-r0
0.4.6-r0
0.4.8-r0
0.5.0-r0
0.5.1-r0
0.5.2-r0
0.5.2-r1
0.5.3-r0
0.5.4-r0
0.5.5-r0
0.6.0-r0
0.6.3-r0
0.6.4-r0
0.6.5-r0
0.7.0-r0
0.7.1-r0
0.7.2-r0
0.7.3-r0
0.7.3-r1
0.7.4-r0
0.7.5-r0
0.7.5-r1
0.7.5-r2
0.7.5-r3
0.7.6-r0
0.7.6-r1
0.7.6-r2

Debian:11 / libssh

Package

Name
libssh
Purl
pkg:deb/debian/libssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libssh

Package

Name
libssh
Purl
pkg:deb/debian/libssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libssh

Package

Name
libssh
Purl
pkg:deb/debian/libssh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.com/libssh/libssh-mirror

Affected ranges

Type
GIT
Repo
https://gitlab.com/libssh/libssh-mirror
Events

Affected versions

libssh-0.*

libssh-0.8.0
libssh-0.8.1
libssh-0.8.2
libssh-0.8.3
libssh-0.8.4
libssh-0.8.5
libssh-0.8.6
libssh-0.8.7
libssh-0.8.8