Lucene search

K

[email protected]NVD:CVE-2013-0176

HistoryFeb 05, 2013 - 11:55 p.m.

CVE-2013-0176

2013-02-0523:55:01

CWE-399

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8.3 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.8%

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a “Client: Diffie-Hellman Key Exchange Init” packet.

Affected configurations

NVD

Node

libsshlibsshRange≤0.5.3

OR

libsshlibsshMatch0.4.7

OR

libsshlibsshMatch0.4.8

OR

libsshlibsshMatch0.5.0

OR

libsshlibsshMatch0.5.0rc1

OR

libsshlibsshMatch0.5.1

OR

libsshlibsshMatch0.5.2

References

lists.fedoraproject.org/pipermail/package-announce/2013-February/098065.html

lists.fedoraproject.org/pipermail/package-announce/2013-February/098094.html

secunia.com/advisories/51982

www.libssh.org/2013/01/22/libssh-0-5-4-security-release/

www.ubuntu.com/usn/USN-1707-1

exchange.xforce.ibmcloud.com/vulnerabilities/81595

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

8.3 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.8%

Related for NVD:CVE-2013-0176

prion1 openvas7 cve1 nessus7 securityvulns2 ubuntu1 fedora2 debiancve1 cvelist1 slackware1 ubuntucve1