Vulnerability-Lookup

CVE-2014-8132 (GCVE-0-2014-8132)

Vulnerability from cvelistv5 – Published: 2014-12-29 00:00 – Updated: 2024-08-06 13:10

Summary

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

FKIE_CVE-2014-8132

Vulnerability from fkie_nvd - Published: 2014-12-29 00:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

References

URL	Tags
secalert@redhat.com	http://advisories.mageia.org/MGASA-2015-0014.html	Third Party Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html	Third Party Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html	Third Party Advisory
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html	Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/60838
secalert@redhat.com	http://www.debian.org/security/2016/dsa-3488	Third Party Advisory
secalert@redhat.com	http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/	Patch, Vendor Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2015:020	Third Party Advisory
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2478-1	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1158089	Issue Tracking, Third Party Advisory, VDB Entry
secalert@redhat.com	https://security.gentoo.org/glsa/201606-12	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://advisories.mageia.org/MGASA-2015-0014.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60838
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3488	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:020	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2478-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1158089	Issue Tracking, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201606-12	Third Party Advisory

Impacted products

Vendor	Product	Version
libssh	libssh	0.5.0
libssh	libssh	0.5.2
libssh	libssh	0.5.3
libssh	libssh	0.5.4
libssh	libssh	0.5.5
libssh	libssh	0.6.0
libssh	libssh	0.6.1
libssh	libssh	0.6.2
libssh	libssh	0.6.3
debian	debian_linux	7.0
debian	debian_linux	8.0
opensuse	opensuse	12.3
opensuse	opensuse	13.1
opensuse	opensuse	13.2
fedoraproject	fedora	19
fedoraproject	fedora	20
fedoraproject	fedora	21
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80094C5-1273-43AB-9E1E-096D8B0A60BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D611A20-8A47-43DE-A6EC-90977C227C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28074A59-84B3-417F-B18A-5979F940A027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FDA1F32-B3D1-416B-BE64-8B80C99B9DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4721CE8-E74D-42CF-AB75-E6F73A6F75BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F92DD2-760B-4C4A-9AA8-384327B8699A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "388BE929-54F4-4058-B869-9E1663825AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "90396763-DE20-43FE-B251-F3B3C15B7ADB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libssh:libssh:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA818EB5-6504-46F0-9848-57392B63C079",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de doble liberaci\u00f3n en la funci\u00f3n ssh_packet_kexinit en kex.c en libssh 0.5.x y 0.6.x anterior a 0.6.4 permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s del paquete modificado kexinit."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/415.html\"\u003eCWE-415: Double Free\u003c/a\u003e",
  "id": "CVE-2014-8132",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-29T00:59:00.060",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2015-0014.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60838"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3488"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:020"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2478-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158089"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201606-12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2015-0014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2478-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201606-12"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-8132

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

Aliases

CVE-2014-8132

Aliases

CVE-2014-8132

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-8132",
    "description": "Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.",
    "id": "GSD-2014-8132",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-8132.html",
      "https://ubuntu.com/security/CVE-2014-8132",
      "https://advisories.mageia.org/CVE-2014-8132.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-8132"
      ],
      "details": "Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.",
      "id": "GSD-2014-8132",
      "modified": "2023-12-13T01:22:49.205430Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-8132",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://advisories.mageia.org/MGASA-2015-0014.html",
            "refsource": "MISC",
            "url": "http://advisories.mageia.org/MGASA-2015-0014.html"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html"
          },
          {
            "name": "http://secunia.com/advisories/60838",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/60838"
          },
          {
            "name": "http://www.debian.org/security/2016/dsa-3488",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2016/dsa-3488"
          },
          {
            "name": "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/",
            "refsource": "MISC",
            "url": "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:020",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:020"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-2478-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-2478-1"
          },
          {
            "name": "https://security.gentoo.org/glsa/201606-12",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/201606-12"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1158089",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158089"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libssh:libssh:0.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libssh:libssh:0.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libssh:libssh:0.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libssh:libssh:0.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libssh:libssh:0.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libssh:libssh:0.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libssh:libssh:0.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-8132"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1158089",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158089"
            },
            {
              "name": "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/"
            },
            {
              "name": "USN-2478-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2478-1"
            },
            {
              "name": "MDVSA-2015:020",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:020"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2015-0014.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://advisories.mageia.org/MGASA-2015-0014.html"
            },
            {
              "name": "FEDORA-2014-17354",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html"
            },
            {
              "name": "FEDORA-2014-17303",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html"
            },
            {
              "name": "FEDORA-2014-17324",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html"
            },
            {
              "name": "openSUSE-SU-2015:0017",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html"
            },
            {
              "name": "DSA-3488",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3488"
            },
            {
              "name": "GLSA-201606-12",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201606-12"
            },
            {
              "name": "60838",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/60838"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:27Z",
      "publishedDate": "2014-12-29T00:59Z"
    }
  }
}

GHSA-82H4-V777-3PJ8

Vulnerability from github – Published: 2022-05-14 02:05 – Updated: 2025-04-12 12:43

Details

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-8132"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-12-29T00:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.",
  "id": "GHSA-82h4-v777-3pj8",
  "modified": "2025-04-12T12:43:32Z",
  "published": "2022-05-14T02:05:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8132"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158089"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201606-12"
    },
    {
      "type": "WEB",
      "url": "http://advisories.mageia.org/MGASA-2015-0014.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147367.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147452.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60838"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3488"
    },
    {
      "type": "WEB",
      "url": "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:020"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2478-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-00061

Vulnerability from cnvd - Published: 2015-01-05

Title

libssh双重释放漏洞

Description

libssh是一个用以访问SSH服务的C语言开发包，通过它可以执行远程命令、文件传输，同时为远程的程序提供安全的传输通道。 libssh存在双重释放漏洞，允许远程攻击者利用漏洞通过精心编制的kexinit数据包发起拒绝服务攻击。

Severity

中

Patch Name

libssh双重释放漏洞的补丁

Patch Description

libssh是一个用以访问SSH服务的C语言开发包，通过它可以执行远程命令、文件传输，同时为远程的程序提供安全的传输通道。 libssh存在双重释放漏洞，允许远程攻击者利用漏洞通过精心编制的kexinit数据包发起拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布升级补丁/版本以修复这个安全问题，请用户及时下载更新： http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/

Reference

http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8132

Impacted products

Name
['libssh libssh 0.5.x', 'libssh libssh 0.6.x<0.6.4']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "71865"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8132"
    }
  },
  "description": "libssh\u662f\u4e00\u4e2a\u7528\u4ee5\u8bbf\u95eeSSH\u670d\u52a1\u7684C\u8bed\u8a00\u5f00\u53d1\u5305\uff0c\u901a\u8fc7\u5b83\u53ef\u4ee5\u6267\u884c\u8fdc\u7a0b\u547d\u4ee4\u3001\u6587\u4ef6\u4f20\u8f93\uff0c\u540c\u65f6\u4e3a\u8fdc\u7a0b\u7684\u7a0b\u5e8f\u63d0\u4f9b\u5b89\u5168\u7684\u4f20\u8f93\u901a\u9053\u3002\r\n\r\nlibssh\u5b58\u5728\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u7f16\u5236\u7684kexinit\u6570\u636e\u5305\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5347\u7ea7\u8865\u4e01/\u7248\u672c\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00061",
  "openTime": "2015-01-05",
  "patchDescription": "libssh\u662f\u4e00\u4e2a\u7528\u4ee5\u8bbf\u95eeSSH\u670d\u52a1\u7684C\u8bed\u8a00\u5f00\u53d1\u5305\uff0c\u901a\u8fc7\u5b83\u53ef\u4ee5\u6267\u884c\u8fdc\u7a0b\u547d\u4ee4\u3001\u6587\u4ef6\u4f20\u8f93\uff0c\u540c\u65f6\u4e3a\u8fdc\u7a0b\u7684\u7a0b\u5e8f\u63d0\u4f9b\u5b89\u5168\u7684\u4f20\u8f93\u901a\u9053\u3002\r\n\r\nlibssh\u5b58\u5728\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u7f16\u5236\u7684kexinit\u6570\u636e\u5305\u53d1\u8d77\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "libssh\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "libssh libssh 0.5.x",
      "libssh libssh 0.6.x\u003c0.6.4"
    ]
  },
  "referenceLink": "http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8132",
  "serverity": "\u4e2d",
  "submitTime": "2015-01-04",
  "title": "libssh\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-8132 (GCVE-0-2014-8132)

FKIE_CVE-2014-8132

GSD-2014-8132

GHSA-82H4-V777-3PJ8

CNVD-2015-00061

Tags

Sightings

Nomenclature