CVE-2020-1730
CVSS 3.1 score: 5.3 (MEDIUM)
EPSS: 0.11%
Description
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR ciphers (or DES ciphers, if enabled). The server or client could crash when the connection has not been fully initialized and the system tries to clean up the ciphers while closing the connection. The biggest threat from this vulnerability is to system availability.
How to fix CVE-2020-1730
To remediate CVE-2020-1730, upgrade the affected package to one of the fixed versions listed below.
- upgrade to 0.8.9-r0 or later
- upgrade to 0.9.4-1 or later
Is CVE-2020-1730 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.8.9-r0
- from 0, < 0.9.4-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.3) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |