CVE-2020-1730
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3 · EPSS 3.1% · KEV no · PoC — · Patch referenced
Lifecycle
13 Apr 2020: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR ciphers (or DES ciphers, if enabled). The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products
Red Hat · libssh
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/
https://security.netapp.com/advisory/ntap-20200424-0001/
https://usn.ubuntu.com/4327-1/
https://www.libssh.org/security/advisories/CVE-2020-1730.txt
https://www.oracle.com/security-alerts/cpuoct2020.html