CVE-2020-1730

Publication date 9 April 2020

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.3 · Medium

Score breakdown

Description

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Status

Package Ubuntu Release Status
libssh 19.10 eoan
Fixed 0.9.0-1ubuntu1.4
18.04 LTS bionic
Fixed 0.8.0~20170825.94fa1e38-1ubuntu0.6
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.3 · Medium

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities