CVE-2020-16135

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if sshbuffernew returns NULL...

CVE-2020-16135

CVE-2020-16135 affects libssh 0.9.4. The vulnerability is a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL, which can lead to a crash/denial of service. Connected documents confirm the issue and indicate that fixes were released (e.g., libssh 0.9.5 and security advisories...

CVE-2020-16135

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if sshbuffernew returns NULL...

CVE-2020-16135

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if sshbuffernew returns NULL...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2020-1699)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.6.0 : libssh (EulerOS-SA-2020-1699)

According to the version of the libssh package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled...

Vulnerability of the ssh_scp_new() function in the libssh library, allowing a hacker to execute arbitrary code

The vulnerability of the sshscpnew function in the libssh library is related to the lack of measures taken at the control level to clean up data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of the libssh library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the libssh library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...

libssh:ssh_server_fuzzer: Use-of-uninitialized-value in BN_ucmp

Detailed Report: https://oss-fuzz.com/testcase?key=5152650317529088 Project: libssh Fuzzing Engine: libFuzzer Fuzz Target: sshserverfuzzer Job Type: libfuzzermsanlibssh Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: BNucmp BNnistmod384 ecGFpnistfieldsqr...

Fedora: Security Advisory for libssh (FEDORA-2020-6cad41abb0)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2020-1509)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Vulnerability fixed in Libssh

Fedora has fixed a vulnerability in Libssh. The vulnerability allows a remote malicious party to perform a Denial-of-Service DoS exploit. -= Fedora =- Fedora has made updates available for Fedora 31. You can install these updates by using the command 'dnf' or 'yum'. More information about these...

Fedora 31 : libssh (2020-5a77f0d68f)

Fixes CVE-2020-1730 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, In...

EulerOS 2.0 SP8 : libssh (EulerOS-SA-2020-1509)

According to the version of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or...

Fedora: Security Advisory for libssh (FEDORA-2020-5a77f0d68f)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 31 Update: libssh-0.9.4-2.fc31

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, tra nsfer files, use a secure and transparent tunnel for your remote...

MGASA-2020-0171 Updated libssh packages fix security vulnerability

Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connection CVE-2020-1730...

Updated libssh packages fix security vulnerability

Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connection CVE-2020-1730...

GLSA-202004-08 : libssh: Denial of service

The remote host is affected by the vulnerability described in GLSA-202004-08 libssh: Denial of service It was discovered that libssh could crash when AES-CTR ciphers are used. Impact : A remote attacker running a malicious client or server could possibly crash the counterpart implemented with...

openSUSE Security Update : libssh (openSUSE-2020-510)

This update for libssh fixes the following issues : - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR bsc1168699. This update was imported from the SUSE:SLE-15-SP1:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...