VDB
CVE-2020-1730
CVE-2020-1730
PUBLISHED
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.
EPSS 0.11% · 29.0th percentile
Risk Scores
EPSS Score
0.11%
29.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | libssh | 0, 0.7.5-1, 0.8.0~20170825.94fa1e38-1ubuntu0.1 |
Timeline
- Apr 8, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-1730 third-party-advisory
- https://www.libssh.org/security/advisories/CVE-2020-1730.txt third-party-advisory
- https://ubuntu.com/security/notices/USN-4327-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-1730 third-party-advisory