CVE Vulnerabilities

CVE-2020-1730

NULL Pointer Dereference

Published: Apr 13, 2020 | Modified: Nov 07, 2023
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.3 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasnt been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Libssh Libssh 0.8.0 (including) 0.8.9 (excluding)
Libssh Libssh 0.9.0 (including) 0.9.4 (excluding)
Red Hat Enterprise Linux 8 RedHat libssh-0:0.9.4-2.el8 *
Red Hat Enterprise Linux 8 RedHat libssh-0:0.9.4-2.el8 *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 RedHat redhat-virtualization-host-0:4.4.3-20201116.0.el8_3 *
Libssh Ubuntu bionic *
Libssh Ubuntu devel *
Libssh Ubuntu eoan *
Libssh Ubuntu trusty *
Libssh Ubuntu upstream *

Potential Mitigations

References