Design/Logic Flaw

2020-04-1319:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.1 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

71.9%

JSON

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn’t been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

CPENameOperatorVersion
ubuntu_linuxeq18.04
ubuntu_linuxeq19.10
fedoraeq31
fedoraeq32
libsshge0.9.0
libsshlt0.9.4
libsshge0.8.0
libsshlt0.8.9
mysql_workbenchle8.0.21
enterprise_linuxeq8.0

Name	Operator	Version
ubuntu_linux	eq	18.04
ubuntu_linux	eq	19.10
fedora	eq	31
fedora	eq	32
libssh	ge	0.9.0
libssh	lt	0.9.4
libssh	ge	0.8.0
libssh	lt	0.8.9
mysql_workbench	le	8.0.21
enterprise_linux	eq	8.0