CVE-2020-1730 — NULL Pointer Dereference in Libssh
Severity
5.3 MEDIUM (NVD)
EPSS
0.1%
top 70.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 13
Latest update: May 24
Description
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR ciphers (or DES ciphers, if enabled). The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The biggest threat from this vulnerability is to system availability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 4 packages
Also affects: Fedora 31, 32, Ubuntu Linux 18.04, 19.10, Enterprise Linux 8.0
Patches
Vulnerability Details (3)
Vendor Advisories (4)
Debian
CVE-2020-1730: libssh - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it ... (2020)