CVE-2013-0176

Published: 22 January 2013

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.

Priority

Status

Package	Release	Status
libssh Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (0.4.2-1ubuntu1.2)
	oneiric	Released (0.5.2-1ubuntu0.11.10.2)
	precise	Released (0.5.2-1ubuntu0.12.04.2)
	quantal	Released (0.5.2-1ubuntu0.12.10.2)
	upstream	Released (0.5.4)
	Patches: upstream: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=55b09f426417406bb25c0b9c474fbab1398b0dc8

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176
http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
https://ubuntu.com/security/notices/USN-1707-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0176

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›