CVE-2020-1730
Description
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasnt been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.076
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-1730,CVE-2020-1967 are affected in MySQL Workbench Enterprise Edition 8.0.21 | Windows |
| Vulnerabilities CVE-2020-1730,CVE-2020-1967 are affected in MySQL Workbench CE (x64) 8.0.21 | Windows |
| A tiny C SSH library (USN-4327-1) libssh-4_0.9.0-1ubuntu1.4_i386.deb | Linux |
| A tiny C SSH library (USN-4327-1) libssh-4_0.9.0-1ubuntu1.4_amd64.deb | Linux |
| A tiny C SSH library (USN-4327-1) libssh-4_0.8.0~20170825.94fa1e38-1ubuntu0.6_i386.deb | Linux |
| A tiny C SSH library (USN-4327-1) libssh-4_0.8.0~20170825.94fa1e38-1ubuntu0.6_amd64.deb | Linux |
| SUSE-SU-2020:0968-1(SUSE Linux Enterprise Server 12-SP5 ) libssh-debugsource-0.8.7-3.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0968-1(SUSE Linux Enterprise Server 12-SP5 ) libssh4-0.8.7-3.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0968-1(SUSE Linux Enterprise Server 12-SP5 ) libssh4-32bit-0.8.7-3.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0968-1(SUSE Linux Enterprise Server 12-SP5 ) libssh4-debuginfo-0.8.7-3.9.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0968-1(SUSE Linux Enterprise Server 12-SP5 ) libssh4-debuginfo-32bit-0.8.7-3.9.1.x86_64.rpm | Linux |
| SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh-config-0.9.8-3.12.2.x86_64.rpm | Linux |
| SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh-debugsource-0.9.8-3.12.2.x86_64.rpm | Linux |
| SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh4-0.9.8-3.12.2.x86_64.rpm | Linux |
| SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh4-32bit-0.9.8-3.12.2.x86_64.rpm | Linux |
| SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh4-debuginfo-0.9.8-3.12.2.x86_64.rpm | Linux |
| SUSE-SU-2024:0539-1(SUSE Linux Enterprise Server 12 SP5 ) libssh4-debuginfo-32bit-0.9.8-3.12.2.x86_64.rpm | Linux |
| Libssh update (ELSA-2024-3233) libssh-0.9.6-14.el8.i686.rpm | Linux |
| Libssh update (ELSA-2024-3233) libssh-0.9.6-14.el8.x86_64.rpm | Linux |
| Libssh-config update (ELSA-2024-3233) libssh-config-0.9.6-14.el8.noarch.rpm | Linux |
| Libssh-devel update (ELSA-2024-3233) libssh-devel-0.9.6-14.el8.i686.rpm | Linux |
| Libssh-devel update (ELSA-2024-3233) libssh-devel-0.9.6-14.el8.x86_64.rpm | Linux |
| NULL Pointer Dereference Vulnerability (CVE-2020-1730) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-347137 | MySQL Workbench CE (x64) (8.0.42) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234