oss-sec mailing list archives
libssh - CVE-2020-1730
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Thu, 9 Apr 2020 14:57:58 +0530
Hi All, A vulnerability was found in libssh through version 0.8.0, where a malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connection. Reference: https://www.libssh.org/security/advisories/CVE-2020-1730.txt -- Huzaifa Sidhpurwala / Red Hat Product Security
Current thread:
- libssh - CVE-2020-1730 Huzaifa Sidhpurwala (Apr 09)