VDB
ALPINE-CVE-2020-14145
ALPINE-CVE-2020-14145
PUBLISHED
CVSS 5.900000095367432 MEDIUM
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
Risk Scores
CVSS v3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.17 | openssh | 8.3, 0, 5.1_p1-r1 |
| Alpine:v3.15 | openssh | 0, 5.1_p1-r1, 5.1p1-r0 |
| Alpine:v3.12 | openssh | 6.2_p1-r0, 8.3, 8.2 |
| Alpine:v3.22 | openssh | 8.3, 8.2, 8.1 |
| Alpine:v3.13 | openssh | 8.2, 0, 5.1_p1-r1 |
| Alpine:v3.14 | openssh | 8.3, 0, 5.1_p1-r1 |
| Alpine:v3.23 | openssh | *, 8.3, 8.2 |
| Alpine:v3.20 | openssh | 8.3, 0, 5.1_p1-r1 |
| Alpine:v3.18 | openssh | 8.3, 0, 5.1_p1-r1 |
| Alpine:v3.16 | openssh | 0, 5.1_p1-r2, 5.1p1-r0 |
| Alpine:v3.19 | openssh | 7.5_p1-r0, 8.3, 8.2 |
| Alpine:v3.21 | openssh | 0, 5.1_p1-r1, 5.1_p1-r2 |
Timeline
- Jun 29, 2020 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch