{"api_version":"1","generated_at":"2026-04-22T20:52:23+00:00","cve":"CVE-2020-1730","urls":{"html":"https://cve.report/CVE-2020-1730","api":"https://cve.report/api/cve/CVE-2020-1730.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-1730","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-1730"},"summary":{"title":"CVE-2020-1730","description":"A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-04-13 19:15:00","updated_at":"2023-11-07 03:19:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/","name":"FEDORA-2020-5a77f0d68f","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 31 Update: libssh-0.9.4-2.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/","name":"FEDORA-2020-5a77f0d68f","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: libssh-0.9.4-2.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20200424-0001/","name":"https://security.netapp.com/advisory/ntap-20200424-0001/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"CVE-2020-1730 Libssh Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","name":"https://www.oracle.com/security-alerts/cpuoct2020.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - October 2020","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.libssh.org/security/advisories/CVE-2020-1730.txt","name":"https://www.libssh.org/security/advisories/CVE-2020-1730.txt","refsource":"MISC","tags":["Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory"],"title":"1801998 – (CVE-2020-1730) CVE-2020-1730 libssh: denial of service when handling AES-CTR (or DES) ciphers","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/","name":"FEDORA-2020-6cad41abb0","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: libssh-0.9.4-2.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4327-1/","name":"USN-4327-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-4327-1: libssh vulnerability | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/","name":"FEDORA-2020-6cad41abb0","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 32 Update: libssh-0.9.4-2.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-1730","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1730","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"19.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libssh","cpe5":"libssh","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"libssh","cpe5":"libssh","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"cloud_backup","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"8.0.21","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_workbench","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1730","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-1730","qid":"377559","title":"Alibaba Cloud Linux Security Update for libssh (ALINUX3-SA-2022:0067)"},{"cve":"CVE-2020-1730","qid":"501063","title":"Alpine Linux Security Update for libssh"},{"cve":"CVE-2020-1730","qid":"755806","title":"SUSE Enterprise Linux Security Update for libssh (SUSE-SU-2024:0539-1)"},{"cve":"CVE-2020-1730","qid":"770068","title":"Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)"},{"cve":"CVE-2020-1730","qid":"940406","title":"AlmaLinux Security Update for libssh (ALSA-2020:4545)"},{"cve":"CVE-2020-1730","qid":"960879","title":"Rocky Linux Security Update for libssh (RLSA-2020:4545)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-1730","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"libssh","version":{"version_data":[{"version_value":"libssh versions before 0.8.9"},{"version_value":"libssh versions before 0.9.4"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-476"}]}]},"references":{"reference_data":[{"refsource":"FEDORA","name":"FEDORA-2020-5a77f0d68f","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554/"},{"refsource":"UBUNTU","name":"USN-4327-1","url":"https://usn.ubuntu.com/4327-1/"},{"refsource":"FEDORA","name":"FEDORA-2020-6cad41abb0","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU/"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"url":"https://www.libssh.org/security/advisories/CVE-2020-1730.txt","refsource":"MISC","name":"https://www.libssh.org/security/advisories/CVE-2020-1730.txt"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730","refsource":"CONFIRM"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20200424-0001/","url":"https://security.netapp.com/advisory/ntap-20200424-0001/"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability."}]},"impact":{"cvss":[[{"vectorString":"5.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.0"}]]}},"nvd":{"publishedDate":"2020-04-13 19:15:00","lastModifiedDate":"2023-11-07 03:19:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9.0","versionEndExcluding":"0.9.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionStartIncluding":"0.8.0","versionEndExcluding":"0.8.9","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.21","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"1730","Ordinal":"160968","Title":"CVE-2020-1730","CVE":"CVE-2020-1730","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"1730","Ordinal":"1","NoteData":"A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"1730","Ordinal":"2","NoteData":"2020-04-13","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"1730","Ordinal":"3","NoteData":"2020-10-20","Type":"Other","Title":"Modified"}]}}}