CVE-2014-8132
Priority
Medium
Description
Double free vulnerability in the ssh_packet_kexinit function in kex.c in
libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a
denial of service via a crafted kexinit packet.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8132
http://www.libssh.org/security/advisories/CVE-2014-8132.txt
http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
https://usn.ubuntu.com/usn/usn-2478-1
Bugs
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773577
Notes
mdeslaur> 0.5.1 and higher
Assigned-to
mdeslaur
Package
Source: libssh (LP, Ubuntu, Debian)
Upstream: released (0.6.4)
Ubuntu 14.04 LTS (Trusty Tahr): released (0.6.1-0ubuntu3.1)
Patches:
Upstream: http://git.libssh.org/projects/libssh.git/commit/?id=c2aed4ca78030d9014a890cb4370e6dc8264823f
More Information
Mitre, NVD, Launchpad, Debian
Updated: 2017-12-15 20:33:52 UTC (commit 13913)