UBUNTU-CVE-2020-1730

Source
https://ubuntu.com/security/CVE-2020-1730
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-1730.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-1730
Related
Published
2020-04-09T09:00:00Z
Modified
2020-04-09T09:00:00Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

References

Affected packages

Ubuntu:18.04:LTS / libssh

Package

Name
libssh
Purl
pkg:deb/ubuntu/libssh?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.0~20170825.94fa1e38-1ubuntu0.6

Affected versions

0.*

0.7.5-1
0.8.0~20170825.94fa1e38-1
0.8.0~20170825.94fa1e38-1build1
0.8.0~20170825.94fa1e38-1ubuntu0.1
0.8.0~20170825.94fa1e38-1ubuntu0.2
0.8.0~20170825.94fa1e38-1ubuntu0.5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.6",
            "binary_name": "libssh-4"
        },
        {
            "binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.6",
            "binary_name": "libssh-4-dbgsym"
        },
        {
            "binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.6",
            "binary_name": "libssh-dev"
        },
        {
            "binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.6",
            "binary_name": "libssh-doc"
        },
        {
            "binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.6",
            "binary_name": "libssh-gcrypt-4"
        },
        {
            "binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.6",
            "binary_name": "libssh-gcrypt-4-dbgsym"
        },
        {
            "binary_version": "0.8.0~20170825.94fa1e38-1ubuntu0.6",
            "binary_name": "libssh-gcrypt-dev"
        }
    ]
}