CVE-2013-0176 Information

Description

The publickey_from_privatekey function in libssh before 0.5.4 when no algorithm is matched during negotiations allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a \Client: Diffie-Hellman Key Exchange Init\ packet.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098065.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098094.html http://secunia.com/advisories/51982 http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/ http://www.ubuntu.com/usn/USN-1707-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/81595