Published: 05/02/2013 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The publickey_from_privatekey function in libssh prior to 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.

Affected Products

Vendor Product Versions
LibsshLibssh0.4.7, 0.4.8, 0.5.0, 0.5.1, 0.5.2, 0.5.3

Vendor Advisories

Debian Bug report logs - #698963 libssh: CVE-2013-0176 NULL dereference denial of service Package: libssh; Maintainer for libssh is Laurent Bigonville <bigon@debianorg>; Reported by: Marc Deslauriers <marcdeslauriers@ubuntucom> Date: Fri, 25 Jan 2013 18:54:02 UTC Severity: normal Tags: patch, security Found in ve ...
libssh could be made to crash if it received specially crafted network traffic ...