oss-sec mailing list archives

libssh - CVE-2020-1730


From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 9 Apr 2020 14:57:58 +0530

Hi All,

A vulnerability was found in libssh through version 0.8.0, where a
malicious client or server could crash the counterpart implemented with
libssh when AES-CTR ciphers are used and don't get fully initialized. It
will crash when it tries to clean up the AES-CTR ciphers when closing the
connection.

Reference:
https://www.libssh.org/security/advisories/CVE-2020-1730.txt



-- 
Huzaifa Sidhpurwala / Red Hat Product Security

