{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-1730", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T06:46:30.844Z", "dateReserved": "2019-11-27T00:00:00", "datePublished": "2020-04-13T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-10-07T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability."}], "affected": [{"vendor": "Red Hat", "product": "libssh", "versions": [{"version": "libssh versions before 0.8.9", "status": "affected"}, {"version": "libssh versions before 0.9.4", "status": "affected"}]}], "references": [{"name": "FEDORA-2020-5a77f0d68f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/"}, {"name": "USN-4327-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4327-1/"}, {"name": "FEDORA-2020-6cad41abb0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"url": "https://www.libssh.org/security/advisories/CVE-2020-1730.txt"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730"}, {"url": "https://security.netapp.com/advisory/ntap-20200424-0001/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-476", "cweId": "CWE-476"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:46:30.844Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2020-5a77f0d68f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/"}, {"name": "USN-4327-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4327-1/"}, {"name": "FEDORA-2020-6cad41abb0", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_transferred"]}, {"url": "https://www.libssh.org/security/advisories/CVE-2020-1730.txt", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20200424-0001/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "258D29CC-4892-4308-8C84-9AADA1C87C31", "versionEndExcluding": "0.8.9", "versionStartIncluding": "0.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "D634C2D0-A911-4715-B665-D8F6ADFC5293", "versionEndExcluding": "0.9.4", "versionStartIncluding": "0.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E07B577-50FE-43B4-8AAD-4C267A494A36", "versionEndIncluding": "8.0.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability."}, {"lang": "es", "value": "Se detect\u00f3 un fallo en libssh versiones anteriores a 0.8.9 y versiones anteriores a 0.9.4, en la manera en que se manejaron los cifrados AES-CTR (o DES si est\u00e1 habilitado). El servidor o el cliente podr\u00edan bloquearse cuando la conexi\u00f3n no ha sido inicializada completamente y el sistema intenta limpiar los cifrados cuando se cierra la conexi\u00f3n. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema."}], "id": "CVE-2020-1730", "lastModified": "2023-11-07T03:19:30.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2020-04-13T19:15:11.173", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200424-0001/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4327-1/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.libssh.org/security/advisories/CVE-2020-1730.txt"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank libssh team for reporting this issue. Upstream acknowledges Yasheng Yang (Google) as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:4545", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libssh-0:0.9.4-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4545", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libssh-0:0.9.4-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:5218", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.4.3-20201116.0.el8_3", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2020-11-24T00:00:00Z"}], "bugzilla": {"description": "libssh: denial of service when handling AES-CTR (or DES) ciphers", "id": "1801998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801998"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-476", "details": ["A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.", "A flaw was found in the way libssh handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability."], "mitigation": {"lang": "en:us", "value": "Disable AES-CTR ciphers (and DES in libssh 0.8). If you implement a server using libssh we advise to use a prefork model so each session runs in an own process. If you have implemented your server this way this is not really an issue. The client will kill its own connection."}, "name": "CVE-2020-1730", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2020-04-09T09:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-1730\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1730\nhttps://www.libssh.org/security/advisories/CVE-2020-1730.txt"], "threat_severity": "Moderate", "upstream_fix": "libssh 0.8.9, libssh 0.9.4"}