CVE-2020-16135

Name
CVE-2020-16135
Description
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
NVD Severity
medium

References

Type                  URI
Exploit               https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238
Issue Tracking        https://bugs.libssh.org/T232
Third Party Advisory  https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120
Third Party Advisory  https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html
UBUNTU                https://usn.ubuntu.com/4447-1/
FEDORA                https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/
FEDORA                https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6/
GENTOO                https://security.gentoo.org/glsa/202011-05
MISC                  https://www.oracle.com/security-alerts/cpuapr2022.html

Match rules

CPE URI                                      Source package  Min version  Max version
cpe:2.3:a:libssh:libssh:0.9.4:*:*:*:*:*:*:*  libssh          == None      == 0.9.4

Vulnerable and fixed packages

Source package  Branch          Version   Maintainer                             Status
libssh          3.13-community  0.9.5-r0  Natanael Copa <ncopa@alpinelinux.org>  fixed
libssh          3.11-main       0.9.4-r1  Natanael Copa <ncopa@alpinelinux.org>  fixed
libssh          3.10-main       0.8.9-r1  Natanael Copa <ncopa@alpinelinux.org>  fixed