PT-2020-2220 · Libssh+6

Published 2020-02-12 · Updated 2024-06-15 · CVE-2020-1730

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

libssh versions prior to 0.8.9
libssh versions prior to 0.9.4

Description

The issue is related to uncontrolled resource consumption in the libssh library. A remote attacker can exploit it to cause a denial of service. The vulnerability arises from the way libssh handles AES-CTR ciphers (or DES ciphers, if enabled): the server or client can crash when the connection has not been fully initialized and the system tries to clean up the ciphers while closing the connection. The biggest threat from this issue is to system availability.

Recommendations

For libssh versions prior to 0.8.9, update to version 0.8.9 or later. For libssh versions prior to 0.9.4, update to version 0.9.4 or later.

Exploit

Fix

NULL Pointer Dereference

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1788
ALT-PU-2021-1906
ALT-PU-2021-2381
ALT-PU-2021-2382
ALT-PU-2021-3669
ALT-PU-2021-3670
BDU:2020-02135
CESA-2020_4545
CVE-2020-1730
MGASA-2020-0171
OPENSUSE-SU-2020:0510-1
OPENSUSE-SU-2020_0510-1
OPENSUSE-SU-2024:11603-1
RHSA-2020:4545
RHSA-2020:5218
RHSA-2020_4545
RLSA-2020:4545
SUSE-SU-2020:0967-1
SUSE-SU-2020:0968-1
SUSE-SU-2020_0967-1
SUSE-SU-2020_0968-1
SUSE-SU-2024:0525-1
SUSE-SU-2024:0539-1
USN-4327-1

Affected Products

Alt Linux
Centos
Red Hat
Rocky Linux
Suse
Ubuntu
Libssh