A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730 | Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/ | |
https://security.netapp.com/advisory/ntap-20200424-0001/ | Third Party Advisory |
https://usn.ubuntu.com/4327-1/ | Third Party Advisory |
https://www.libssh.org/security/advisories/CVE-2020-1730.txt | Vendor Advisory |
https://www.oracle.com/security-alerts/cpuoct2020.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Nov 2022, 20:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Canonical ubuntu Linux
Netapp cloud Backup Canonical Netapp |
|
CPE | cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* |
14 Sep 2021, 13:39
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* | |
CWE | CWE-476 |
Information
Published : 2020-04-13 19:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-1730
Mitre link : CVE-2020-1730
CVE.ORG link : CVE-2020-1730
JSON object : View
Products Affected
fedoraproject
- fedora
libssh
- libssh
redhat
- enterprise_linux
oracle
- mysql_workbench
netapp
- cloud_backup
canonical
- ubuntu_linux
CWE
CWE-476
NULL Pointer Dereference