Vulnerability CVE-2020-1730: Information

Description

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-1730
Published: April 13, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-476

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libsshsisyphus0.9.5-alt10.10.6-alt1ALT-PU-2021-1788-1271598Fixed
libsshp100.9.5-alt10.10.6-alt1ALT-PU-2021-1788-1271598Fixed
libsshp90.9.5-alt10.9.6-alt1ALT-PU-2021-2381-1277424Fixed
libsshc10f10.9.5-alt10.10.6-alt1ALT-PU-2021-1788-1271598Fixed
libsshc9f20.9.6-alt10.10.6-alt1ALT-PU-2021-3669-1291746Fixed
libsshp110.9.5-alt10.10.6-alt1ALT-PU-2021-1788-1271598Fixed
mysql-workbench-communitysisyphus8.0.25-alt18.0.33-alt2.3ALT-PU-2021-1906-1272319Fixed
mysql-workbench-communityp108.0.25-alt18.0.25-alt2ALT-PU-2021-1906-1272319Fixed
mysql-workbench-communityp98.0.25-alt28.0.25-alt2ALT-PU-2021-2382-1277424Fixed
mysql-workbench-communityc10f18.0.25-alt18.0.25-alt2ALT-PU-2021-1906-1272319Fixed
mysql-workbench-communityc9f28.0.25-alt38.0.25-alt3ALT-PU-2021-3670-1291746Fixed
mysql-workbench-communityp118.0.25-alt18.0.33-alt2.2ALT-PU-2021-1906-1272319Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.libssh.org/security/advisories/CVE-2020-1730.txt
  • Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730
  • Issue Tracking
  • Third Party Advisory
USN-4327-1
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20200424-0001/
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
  • Patch
  • Third Party Advisory
FEDORA-2020-5a77f0d68f
    FEDORA-2020-6cad41abb0

        1. Configuration 1

          cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
          Start including
          0.9.0
          End excliding
          0.9.4
          cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
          Start including
          0.8.0
          End excliding
          0.8.9

          Configuration 2

          cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
          cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
          cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
          cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
          cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
          cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

          Configuration 3

          cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
          End including
          8.0.21
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.3
      Back to top