CVE-2014-8132

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
libsshlibssh
0.5.0
libsshlibssh
0.5.2
libsshlibssh
0.5.3
libsshlibssh
0.5.4
libsshlibssh
0.5.5
libsshlibssh
0.6.0
libsshlibssh
0.6.1
libsshlibssh
0.6.2
libsshlibssh
0.6.3
debiandebian_linux
7.0
debiandebian_linux
8.0
opensuseopensuse
12.3
opensuseopensuse
13.1
opensuseopensuse
13.2
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libssh
bookworm
0.10.6-0+deb12u1
fixed
bookworm (security)
0.10.6-0+deb12u1
fixed
bullseye
0.9.8-0+deb11u1
fixed
bullseye (security)
0.9.8-0+deb11u1
fixed
sid
0.11.1-1
fixed
squeeze
not-affected
trixie
0.11.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libssh
lucid
ignored
precise
Fixed 0.5.2-1ubuntu0.12.04.4
released
trusty
Fixed 0.6.1-0ubuntu3.1
released
utopic
Fixed 0.6.3-2ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libssh-config
suse enterprise desktop 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise desktop 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise sap 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise server 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.9.1
fixed
libssh-devel
suse enterprise desktop 15
0.7.5-4.16
fixed
suse enterprise desktop 15 SP1
0.8.4-8.26
fixed
suse enterprise desktop 15 SP2
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP3
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise desktop 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise sap 15
0.7.5-4.16
fixed
suse enterprise sap 15 SP1
0.8.4-8.26
fixed
suse enterprise sap 15 SP2
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP3
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise server 15
0.7.5-4.16
fixed
suse enterprise server 15 SP1
0.8.4-8.26
fixed
suse enterprise server 15 SP2
0.8.7-10.12.1
fixed
suse enterprise server 15 SP3
0.8.7-10.12.1
fixed
suse enterprise server 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.9.1
fixed
libssh4
suse enterprise desktop 15
0.7.5-4.16
fixed
suse enterprise desktop 15 SP1
0.8.4-8.26
fixed
suse enterprise desktop 15 SP2
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP3
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise desktop 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise sap 12 SP5
0.8.7-1.31
fixed
suse enterprise sap 15
0.7.5-4.16
fixed
suse enterprise sap 15 SP1
0.8.4-8.26
fixed
suse enterprise sap 15 SP2
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP3
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise server 12 SP5
0.8.7-1.31
fixed
suse enterprise server 15
0.7.5-4.16
fixed
suse enterprise server 15 SP1
0.8.4-8.26
fixed
suse enterprise server 15 SP2
0.8.7-10.12.1
fixed
suse enterprise server 15 SP3
0.8.7-10.12.1
fixed
suse enterprise server 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.9.1
fixed
libssh4-32bit
suse enterprise desktop 15
0.7.5-4.16
fixed
suse enterprise desktop 15 SP1
0.8.4-8.26
fixed
suse enterprise desktop 15 SP2
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP3
0.8.7-10.12.1
fixed
suse enterprise desktop 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise desktop 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise desktop 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise sap 12 SP5
0.8.7-1.31
fixed
suse enterprise sap 15
0.7.5-4.16
fixed
suse enterprise sap 15 SP1
0.8.4-8.26
fixed
suse enterprise sap 15 SP2
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP3
0.8.7-10.12.1
fixed
suse enterprise sap 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise sap 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.9.1
fixed
suse enterprise server 12 SP5
0.8.7-1.31
fixed
suse enterprise server 15
0.7.5-4.16
fixed
suse enterprise server 15 SP1
0.8.4-8.26
fixed
suse enterprise server 15 SP2
0.8.7-10.12.1
fixed
suse enterprise server 15 SP3
0.8.7-10.12.1
fixed
suse enterprise server 15 SP4
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP5
0.9.6-150400.1.5
fixed
suse enterprise server 15 SP6
0.9.8-150600.9.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.9.1
fixed
References
http://advisories.mageia.org/MGASA-2015-0014.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html
http://secunia.com/advisories/60838
http://www.debian.org/security/2016/dsa-3488
http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
http://www.mandriva.com/security/advisories?name=MDVSA-2015:020
http://www.ubuntu.com/usn/USN-2478-1
https://bugzilla.redhat.com/show_bug.cgi?id=1158089
https://security.gentoo.org/glsa/201606-12
http://advisories.mageia.org/MGASA-2015-0014.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html
http://secunia.com/advisories/60838
http://www.debian.org/security/2016/dsa-3488
http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
http://www.mandriva.com/security/advisories?name=MDVSA-2015:020
http://www.ubuntu.com/usn/USN-2478-1
https://bugzilla.redhat.com/show_bug.cgi?id=1158089
https://security.gentoo.org/glsa/201606-12