CVE-2014-8132

Published: 28 December 2014

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

Notes

Author: mdeslaur
Note: 0.5.1 and higher

Priority

Medium

Status

Package: libssh

Release    Status
lucid      Ignored (reached end-of-life)
precise    Released (0.5.2-1ubuntu0.12.04.4)
trusty     Does not exist (trusty was released [0.6.1-0ubuntu3.1])
upstream   Released (0.6.4)
utopic     Released (0.6.3-2ubuntu1.1)

Patches:
upstream: http://git.libssh.org/projects/libssh.git/commit/?id=c2aed4ca78030d9014a890cb4370e6dc8264823f