7 matches found
EUVD-2020-12576
Malware in sbrugna...
Security Bulletin: Vulnerability in libssh affects Power Hardware Management Console (CVE-2020-1730).
Summary libssh is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1730 DESCRIPTION: libssh is vulnerable to a denial of service, caused by the use of uninitialized AES-CTR ciphers. A remote attacker could exploit this...
Updated libssh packages fix security vulnerability
Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connection CVE-2020-1730...
MGASA-2020-0171 Updated libssh packages fix security vulnerability
Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connection CVE-2020-1730...
GLSA-202004-08 : libssh: Denial of service
The remote host is affected by the vulnerability described in GLSA-202004-08 libssh: Denial of service It was discovered that libssh could crash when AES-CTR ciphers are used. Impact : A remote attacker running a malicious client or server could possibly crash the counterpart implemented with...
Ubuntu: Security Advisory (USN-4327-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Client/server denial of service when handling AES-CTR ciphers
The libssh team reports originally reported by Yasheng Yang from Google: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connectio...