CVE-2014-8132

Published Dec 29, 2014

Last updated 6 years ago

CVSS info 5.0

Overview

Description: Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: <a href="http://cwe.mitre.org/data/definitions/415.html">CWE-415: Double Free</a>
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A80094C5-1273-43AB-9E1E-096D8B0A60BB"
          },
          {
            "criteria": "cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D611A20-8A47-43DE-A6EC-90977C227C64"
          },
          {
            "criteria": "cpe:2.3:a:libssh:libssh:0.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28074A59-84B3-417F-B18A-5979F940A027"
          },
          {
            "criteria": "cpe:2.3:a:libssh:libssh:0.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FDA1F32-B3D1-416B-BE64-8B80C99B9DB4"
          },
          {
            "criteria": "cpe:2.3:a:libssh:libssh:0.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4721CE8-E74D-42CF-AB75-E6F73A6F75BB"
          },
          {
            "criteria": "cpe:2.3:a:libssh:libssh:0.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26F92DD2-760B-4C4A-9AA8-384327B8699A"
          },
          {
            "criteria": "cpe:2.3:a:libssh:libssh:0.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "388BE929-54F4-4058-B869-9E1663825AD6"
          },
          {
            "criteria": "cpe:2.3:a:libssh:libssh:0.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90396763-DE20-43FE-B251-F3B3C15B7ADB"
          },
          {
            "criteria": "cpe:2.3:a:libssh:libssh:0.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA818EB5-6504-46F0-9848-57392B63C079"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References