4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
8.3 High
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
89.8%
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a “Client: Diffie-Hellman Key Exchange Init” packet.
lists.fedoraproject.org/pipermail/package-announce/2013-February/098065.html
lists.fedoraproject.org/pipermail/package-announce/2013-February/098094.html
secunia.com/advisories/51982
www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
www.ubuntu.com/usn/USN-1707-1
exchange.xforce.ibmcloud.com/vulnerabilities/81595