DEBIAN-CVE-2020-1730

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2020-1730

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-1730.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-1730

Upstream

CVE-2020-1730

Published

2020-04-13T19:15:11Z

Modified

2025-09-19T06:18:04Z

Summary

[none]

Details

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

References

https://security-tracker.debian.org/tracker/CVE-2020-1730

Affected packages

Debian:11 / libssh

Package

Name: libssh
Purl: pkg:deb/debian/libssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libssh

Package

Name: libssh
Purl: pkg:deb/debian/libssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libssh

Package

Name: libssh
Purl: pkg:deb/debian/libssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libssh

Package

Name: libssh
Purl: pkg:deb/debian/libssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}