CVE-2014-8132 — Double Free in Libssh

9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

3.3%

top 12.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libssh Canonical Ubuntu Linux Debian Linux +2 more

Timeline

PublishedDec 29

Latest updateMay 14

Description

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianlibssh/libssh< 0.6.3-4+3

▶NVDlibssh/libssh9 versions+8

▶NVDopensuse/opensuse12.3, 13.1, 13.2+2

Also affects: Debian Linux 7.0, 8.0, Fedora 19, 20, 21, Ubuntu Linux 12.04, 14.04, 14.10

Patches

Patch: www.libssh.org ↗Patch: www.libssh.org ↗

🔴Vulnerability Details

GHSA

GHSA-82h4-v777-3pj8: Double free vulnerability in the ssh_packet_kexinit function in kex↗2022-05-14

▶

OSV

CVE-2014-8132: Double free vulnerability in the ssh_packet_kexinit function in kex↗2014-12-29

▶

CVEList

CVE-2014-8132: Double free vulnerability in the ssh_packet_kexinit function in kex↗2014-12-29

▶

📋Vendor Advisories

Ubuntu

libssh vulnerability↗2015-01-19

▶

Debian

CVE-2014-8132: libssh - Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh ...↗2014

▶

💬Community

Bugzilla

CVE-2014-8132 libssh: Possible double free on a dangling pointer with crafted kexinit packet [fedora-all]↗2014-12-19

▶

Bugzilla

CVE-2014-8132 libssh: Possible double free on a dangling pointer with crafted kexinit packet [epel-all]↗2014-12-19

▶

Bugzilla

CVE-2014-8132 libssh: Possible double free on a dangling pointer with crafted kexinit packet↗2014-10-28

▶