CVE-2014-8132

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
libsshlibssh
0.5.0
libsshlibssh
0.5.2
libsshlibssh
0.5.3
libsshlibssh
0.5.4
libsshlibssh
0.5.5
libsshlibssh
0.6.0
libsshlibssh
0.6.1
libsshlibssh
0.6.2
libsshlibssh
0.6.3
debiandebian_linux
7.0
debiandebian_linux
8.0
opensuseopensuse
12.3
opensuseopensuse
13.1
opensuseopensuse
13.2
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libssh
bullseye (security)
0.9.8-0+deb11u1
fixed
bullseye
0.9.8-0+deb11u1
fixed
squeeze
not-affected
bookworm
0.10.6-0+deb12u1
fixed
bookworm (security)
0.10.6-0+deb12u1
fixed
sid
0.11.1-1
fixed
trixie
0.11.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libssh
utopic
Fixed 0.6.3-2ubuntu1.1
released
trusty
Fixed 0.6.1-0ubuntu3.1
released
precise
Fixed 0.5.2-1ubuntu0.12.04.4
released
lucid
ignored
References
http://advisories.mageia.org/MGASA-2015-0014.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html
http://secunia.com/advisories/60838
http://www.debian.org/security/2016/dsa-3488
http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
http://www.mandriva.com/security/advisories?name=MDVSA-2015:020
http://www.ubuntu.com/usn/USN-2478-1
https://bugzilla.redhat.com/show_bug.cgi?id=1158089
https://security.gentoo.org/glsa/201606-12
http://advisories.mageia.org/MGASA-2015-0014.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html
http://secunia.com/advisories/60838
http://www.debian.org/security/2016/dsa-3488
http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
http://www.mandriva.com/security/advisories?name=MDVSA-2015:020
http://www.ubuntu.com/usn/USN-2478-1
https://bugzilla.redhat.com/show_bug.cgi?id=1158089
https://security.gentoo.org/glsa/201606-12