Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-1667

Published: 9 May 2023

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.

Priority

Medium

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
libssh
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal
Released (0.9.3-2ubuntu2.3)
jammy
Released (0.9.6-2ubuntu0.22.04.1)
kinetic
Released (0.9.6-2ubuntu0.22.10.1)
lunar
Released (0.10.4-2ubuntu0.1)
mantic
Released (0.10.5-2)
trusty Ignored
(end of standard support)
upstream
Released (0.10.5)
xenial Ignored
(backporting risks regressions)
Patches:
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=a30339d7b16da7784413e4a4667feb3604ed0458
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=247a4a761cfa745ed1090290c5107de6321143c9
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=99760776d4552d8e63edd68ba4a7448766517b8c
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=6df2daea040c47daff0a861a30761092886fe748
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=b759ae557d611ba347392c051504de474a8d9b60
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=fc1a8bb4555624f85ba1370721ad2086a4feff8c
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=70565ac43867053871f47378c53e5d90ba9007d8
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=d08f1b2377fead6489aa1d6a102bf65895ecf858
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=dc1254d53e4fc6cbeb4797fc6ca1c9ed2c21f15c
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=85ddd8b34ec3667d1c694bfea1db7862bc498146
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=6887a5bb20b2903c784336d15518271c7a451c51
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=abcf9699aadf93eec8a580df7ef32f91a0e21de2
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=c4f05c28aae15ed8c4d431342ce8ec1a93e56102
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=aaa3d4fc7d7685748c11f35a74eac49faf40220d
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=0c855d2949252f335a48c968334edb19761f6a06
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=18576cf98fc0bd3a43e923cb60938b970d961ca8
upstream: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.9&id=b733df6ddca80b11c2548ca88821b1c353480901

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading