CVE-2020-1730

Severity: Medium
Remote: Yes
Type: Denial of service
A malicious client or server could crash its counterpart if the counterpart is implemented with libssh before 0.9.4. When AES-CTR ciphers are used and are not fully initialized, libssh crashes when it tries to clean up the AES-CTR ciphers while closing the connection.
Group     Package  Affected  Fixed    Severity  Status  Ticket
AVG-1130  libssh   0.9.3-1   0.9.4-1  Medium    Fixed
Date         Advisory       Group     Package  Severity  Type
09 Apr 2020  ASA-202004-11  AVG-1130  libssh   Medium    denial of service
Workaround: Disable AES-CTR ciphers. If you implement a server using libssh, we advise using a prefork model so that each session runs in its own process. If you have implemented your server this way, this is not really an issue. The client will kill its own connection.
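
The process isolation the workaround relies on, as an added example (not code from libssh or from this advisory): each session runs in a forked child, so a crash during session teardown ends only that child and the supervising process keeps serving. The names `run_isolated`, `session_ok` and `session_crash` are hypothetical, and the crash is simulated with `abort()` rather than a real libssh session.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*session_fn)(int session_id);   /* hypothetical handler type */

/* Constructed stand-in: a session that closes cleanly. */
static int session_ok(int id) { (void)id; return 0; }

/* Constructed stand-in: a session that crashes while closing, as an
 * affected libssh would when cleaning up an uninitialized AES-CTR cipher. */
static int session_crash(int id) { (void)id; abort(); return 0; }

/* Run one session in its own process.
 * Returns 0 on clean exit, 1 on error exit, 2 if the child was killed
 * by a signal (a crash), -1 if fork() or waitpid() failed. */
static int run_isolated(session_fn fn, int id)
{
    int status;
    pid_t pid;

    fflush(NULL);                 /* avoid duplicated stdio buffers in the child */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)                 /* child: handle the session, then leave */
        _exit(fn(id) == 0 ? 0 : 1);

    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    if (WIFSIGNALED(status))      /* the crash is contained in the child */
        return 2;
    return WEXITSTATUS(status) == 0 ? 0 : 1;
}

int main(void)
{
    session_fn sessions[] = { session_ok, session_crash, session_ok };
    int crashed = 0;

    for (int i = 0; i < 3; i++) {
        int r = run_isolated(sessions[i], i);
        crashed += (r == 2);
        printf("session %d -> result %d\n", i, r);
    }
    printf("supervisor still running, %d session(s) crashed\n", crashed);
    return 0;
}
```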