===========================================================
== Subject:     CVE-2014-8132: Double free on dangling pointers in
==              initial key exchange packet.
==
== CVE ID#:     CVE-2014-8132
==
== Versions:    All versions of libssh later than 0.5.1
==
== Summary:     A malicious initial key exchange packet could lead to a
==              double free, crashing the server.
==
==              This doesn't require any authentication.
==
===========================================================

===========
Description
===========

libssh versions 0.5.1 and above could leave dangling pointers in the
session crypto structures. It is possible to send a malicious KEXINIT
packet to eventually cause a server to do a double free before this fix.
This could be used for a Denial of Service attack.

As this was found by a libssh developer there are no currently known
exploits for this problem (as of December 19th 2014).

==================
Patch Availability
==================

Patches addressing the issue have been posted to:

    https://www.libssh.org/

libssh version 0.6.4 has been released to address this issue.

==========
Workaround
==========

None.

=======
Credits
=======

This problem was found by Jon Simons. He contributed a lot of code to
the libssh project. Patches provided by Jon Simons and the libssh Team.

==========================================================
== The libssh Team
==========================================================
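The Description above names the bug class but not the code path. The following is an added illustration of that class, not libssh's code and not the actual faulty path in any release: a per-session crypto structure keeps a pointer to data parsed from the peer's KEXINIT, a handler frees the old data before parsing the new packet, and an early return on a malformed packet leaves the pointer dangling so that session teardown frees the block a second time. The `crypto_state` and `session` structures, the handler names, the KEXINIT strings and the allocation tracker are all constructed for this example; the `SAFE_FREE` free-and-null macro is written here in the spirit of the fix, and its exact form in 0.6.4 is not reproduced. The tracker exists only so both variants can run side by side without the C runtime aborting on the double free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example scaffolding, not libssh code: a tiny allocation tracker that
 * reports a double free instead of letting the C runtime abort. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static int double_free_count;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == NULL) { live[i] = p; break; }
    }
    return p;
}

static void tracked_free(void *p)
{
    if (p == NULL) return;              /* free(NULL) is harmless */
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    }
    double_free_count++;                /* p is not live: double free */
}

static char *tracked_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = tracked_malloc(n);
    if (p != NULL) memcpy(p, s, n);
    return p;
}

/* Free-and-null macro in the style of the fix (assumption: the exact macro
 * used in the fixed release is not reproduced here). */
#define SAFE_FREE(x) do { if ((x) != NULL) { tracked_free(x); (x) = NULL; } } while (0)

/* Hypothetical per-session crypto state; field names are invented. */
struct crypto_state {
    char *kex_methods;   /* copy of the peer's algorithm list from KEXINIT */
};

struct session {
    struct crypto_state *next_crypto;
};

/* Vulnerable handler: the old list is freed first, and when the new
 * KEXINIT fails to parse the function returns with the pointer still
 * referencing freed memory. */
static int handle_kexinit_vuln(struct session *s, const char *methods, int parse_ok)
{
    tracked_free(s->next_crypto->kex_methods);
    if (!parse_ok) return -1;           /* dangling pointer left behind */
    s->next_crypto->kex_methods = tracked_strdup(methods);
    return 0;
}

/* Hardened handler: the pointer is cleared at the moment of the free, so
 * no later cleanup can free the same block twice. */
static int handle_kexinit_fixed(struct session *s, const char *methods, int parse_ok)
{
    SAFE_FREE(s->next_crypto->kex_methods);
    if (!parse_ok) return -1;           /* pointer is NULL, cleanup is safe */
    s->next_crypto->kex_methods = tracked_strdup(methods);
    return 0;
}

/* Session teardown frees whatever the crypto state still points at. */
static void session_free(struct session *s)
{
    tracked_free(s->next_crypto->kex_methods);
    tracked_free(s->next_crypto);
}

/* Drive one session: a valid KEXINIT, then a malformed one, then teardown.
 * Returns the number of double frees observed (1 vulnerable, 0 fixed). */
int run_session(int hardened)
{
    struct session s;
    double_free_count = 0;
    s.next_crypto = tracked_malloc(sizeof(struct crypto_state));
    s.next_crypto->kex_methods = NULL;

    int (*handle)(struct session *, const char *, int) =
        hardened ? handle_kexinit_fixed : handle_kexinit_vuln;

    /* constructed inputs: one well-formed list, then a packet that fails to parse */
    handle(&s, "curve25519-sha256@libssh.org,diffie-hellman-group14-sha1", 1);
    handle(&s, "<malformed KEXINIT>", 0);
    session_free(&s);
    return double_free_count;
}

int main(void)
{
    printf("vulnerable handler: %d double free(s)\n", run_session(0));
    printf("hardened handler:   %d double free(s)\n", run_session(1));
    return 0;
}
```

The point to take from the example is the discipline rather than the scaffolding: any pointer held in long-lived state must be set to NULL at the moment its target is freed, because the error path that leaves it dangling is rarely the one that triggers the second free. Here the second free happens in ordinary session teardown, which is exactly why an unauthenticated packet is enough to bring the server down.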