A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2020-04-13 19:15
Updated : 2024-11-21 05:11
NVD link : CVE-2020-1730
Mitre link : CVE-2020-1730
CVE.ORG link : CVE-2020-1730
JSON object : View
Products Affected
netapp
- cloud_backup
fedoraproject
- fedora
redhat
- enterprise_linux
canonical
- ubuntu_linux
oracle
- mysql_workbench
libssh
- libssh
CWE
CWE-476
NULL Pointer Dereference