22/01/13 - 04:00pm
This is an important SECURITY and maintenance release in order to address CVE-2013-0176 – NULL dereference leads to denial of service.
The crash could kill an SSH server using libssh. However, how bad the situation can be depends on the server's process model. If you use a forked model to implement your server, the user will just kill their own connection.
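The following added example (not libssh code and not part of the original announcement) illustrates the process-model point: in a fork-per-connection design, a NULL dereference while handling one connection terminates only that child, and the listener keeps dispatching. `handle_connection`, `serve_forked` and the sample connection list are hypothetical names and constructed data, and the listener waits for each child synchronously to keep the sketch short.

```c
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for per-connection protocol handling. When
 * trigger_bug is set it dereferences a NULL pointer, simulating the class
 * of defect described above (this is not libssh code). */
static void handle_connection(int trigger_bug)
{
    int *volatile session_field = NULL;   /* volatile: keep the access */
    if (trigger_bug)
        *session_field = 1;               /* crashes the calling process */
}

/* Fork-per-connection listener loop over constructed "connections".
 * Returns how many connections the listener lived to dispatch and stores
 * the number of children that died abnormally in *crashed. */
size_t serve_forked(const int *trigger, size_t n, size_t *crashed)
{
    size_t dispatched = 0;
    *crashed = 0;
    for (size_t i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid < 0)
            break;                        /* fork failed: stop accepting */
        if (pid == 0) {                   /* child: owns one connection */
            handle_connection(trigger[i]);
            _exit(0);
        }
        int status = 0;
        if (waitpid(pid, &status, 0) == pid &&
            !(WIFEXITED(status) && WEXITSTATUS(status) == 0))
            (*crashed)++;                 /* only that child was lost */
        dispatched++;
    }
    return dispatched;
}

int main(void)
{
    const int trigger[] = {0, 1, 0};      /* constructed: 2nd one crashes */
    size_t crashed = 0;
    size_t served = serve_forked(trigger, 3, &crashed);
    printf("listener dispatched %zu connections, %zu child crashed\n",
           served, crashed);
    return 0;
}
```

If `handle_connection` were called directly in the listener process instead of in a child, the same dereference would end the loop for every client.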
Thanks to Yong Chuan Koh, X-Force Research for the report.
- CVE-2013-0176 – NULL dereference leads to denial of service
- Fixed several NULL pointer dereferences in SSHv1.
- Fixed a free crash bug in options parsing.