CVE-2020-1730

Priority
Description
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the
way it handled AES-CTR ciphers (or DES ciphers, if enabled). The server or
client could crash when the connection hasn't been fully initialized and
the system tries to clean up the ciphers when closing the connection. The
biggest threat from this vulnerability is system availability.
Assigned-to
mdeslaur
Notes
Package
Upstream: released (0.8.9, 0.9.4)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): released (0.8.0~20170825.94fa1e38-1ubuntu0.6)
Ubuntu 19.10 (Eoan Ermine): released (0.9.0-1ubuntu1.4)
Ubuntu 20.04 (Focal Fossa): released (0.9.3-2ubuntu2)

Updated: 2020-04-16 14:17:14 UTC (commit 51b927900319f5ad01968dd4076559bc1f457caa)