Red Hat Bugzilla – Bug 894407
CVE-2013-0176 libssh: NULL dereference leads to denial of service
Last modified: 2016-03-04 06:05:57 EST
A NULL dereference was found in libssh 0.5.3's publickey_from_privatekey() function. When a server using libssh receives a "Client: Key Exchange Init", the server sets up the session and tries to set the algorithms by matching what the user specified vs what is supported in crypt_set_algorithms_server(). If there is no match, it will lead to a NULL dereference when receiving the "Client: Diffie-Hellman Key Exchange Init" packet, which will cause the program using libssh to crash.
Created attachment 678235 [details]
Patch for CVE-2013-0176
Fedora bugs are created automatically?
Created libssh tracking bugs for this issue
Affects: fedora-all [bug 902992]
Sorry, no, I forgot about the time. =(
libssh-0.5.4-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
libssh-0.5.4-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.