Unrated severityNVD Advisory· Published Apr 13, 2020· Updated Aug 4, 2024
CVE-2020-1730
CVE-2020-1730
Description
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17- osv-coords15 versionspkg:rpm/opensuse/libssh&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/libssh&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libssh&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 0.8.7-lp151.2.12.1+ 14 more
- (no CPE)range: < 0.8.7-lp151.2.12.1
- (no CPE)range: < 0.9.6-2.1
- (no CPE)range: < 0.9.8-150200.13.3.1
- (no CPE)range: < 0.9.8-150200.13.3.1
- (no CPE)range: < 0.9.8-150200.13.3.1
- (no CPE)range: < 0.9.8-150200.13.3.1
- (no CPE)range: < 0.9.8-150200.13.3.1
- (no CPE)range: < 0.8.7-10.12.1
- (no CPE)range: < 0.8.7-3.9.1
- (no CPE)range: < 0.9.8-150200.13.3.1
- (no CPE)range: < 0.9.8-150200.13.3.1
- (no CPE)range: < 0.8.7-3.9.1
- (no CPE)range: < 0.9.8-150200.13.3.1
- (no CPE)range: < 0.9.8-150200.13.3.1
- (no CPE)range: < 0.8.7-3.9.1
- Red Hat/libsshv5Range: libssh versions before 0.8.9
Patches
Vulnerability mechanics
References
7- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/mitrevendor-advisory
- usn.ubuntu.com/4327-1/mitrevendor-advisory
- bugzilla.redhat.com/show_bug.cgimitre
- security.netapp.com/advisory/ntap-20200424-0001/mitre
- www.libssh.org/security/advisories/CVE-2020-1730.txtmitre
- www.oracle.com/security-alerts/cpuoct2020.htmlmitre
News mentions
0No linked articles in our index yet.