{
  "threat_severity" : "Moderate",
  "public_date" : "2020-04-09T09:00:00Z",
  "bugzilla" : {
    "description" : "libssh: denial of service when handling AES-CTR (or DES) ciphers",
    "id" : "1801998",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1801998"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES, if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The biggest threat from this vulnerability is to system availability.", "A flaw was found in the way libssh handled AES-CTR (or DES, if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The biggest threat from this vulnerability is to system availability." ],
  "acknowledgement" : "Red Hat would like to thank the libssh team for reporting this issue. Upstream acknowledges Yasheng Yang (Google) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4545",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libssh-0:0.9.4-2.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4545",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "libssh-0:0.9.4-2.el8"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-24T00:00:00Z",
    "advisory" : "RHSA-2020:5218",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "redhat-virtualization-host-0:4.4.3-20201116.0.el8_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libssh2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libssh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libssh2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libssh2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-1730\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1730\nhttps://www.libssh.org/security/advisories/CVE-2020-1730.txt" ],
  "name" : "CVE-2020-1730",
  "mitigation" : {
    "value" : "Disable AES-CTR ciphers (and DES in libssh 0.8). If you implement a server using libssh, we advise using a prefork model so that each session runs in its own process. If you have implemented your server this way, this is not really an issue. The client will kill its own connection.",
    "lang" : "en:us"
  },
  "csaw" : false
}