Vulnerability details: VCID-pa3r-uq2c-aaac
Vulnerability ID VCID-pa3r-uq2c-aaac
Aliases CVE-2020-16135
Summary libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16135.html
rhas Low https://access.redhat.com/errata/RHSA-2021:4387
rhas Important https://access.redhat.com/errata/RHSA-2021:4750
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16135.json
epss 0.00595 https://api.first.org/data/v1/epss?cve=CVE-2020-16135
epss 0.00599 https://api.first.org/data/v1/epss?cve=CVE-2020-16135
epss 0.00728 https://api.first.org/data/v1/epss?cve=CVE-2020-16135
epss 0.01563 https://api.first.org/data/v1/epss?cve=CVE-2020-16135
epss 0.01725 https://api.first.org/data/v1/epss?cve=CVE-2020-16135
epss 0.01773 https://api.first.org/data/v1/epss?cve=CVE-2020-16135
epss 0.02326 https://api.first.org/data/v1/epss?cve=CVE-2020-16135
epss 0.03126 https://api.first.org/data/v1/epss?cve=CVE-2020-16135
generic_textual Medium https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238
generic_textual Medium https://bugs.libssh.org/T232
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1862456
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16135
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual Medium https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120
generic_textual Medium https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=1493b4466fa394b321d196ad63dd6a4fa395d337
generic_textual Medium https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=65ae496222018221080dd753a52f6d70bf3ca5f3
generic_textual Medium https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=dbfb7f44aa905a7103bdde9a198c1e9b0f480c2e
generic_textual Medium https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=df0acab3a077bd8ae015e3e8b4c71ff31b5900fe
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-16135
cvssv3 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-16135
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2020-16135
generic_textual Medium https://ubuntu.com/security/notices/USN-4447-1
cvssv3.1 5.3 https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual MODERATE https://www.oracle.com/security-alerts/cpuapr2022.html
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16135.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16135.json
https://api.first.org/data/v1/epss?cve=CVE-2020-16135
https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238
https://bugs.libssh.org/T232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16135
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120
https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=1493b4466fa394b321d196ad63dd6a4fa395d337
https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=65ae496222018221080dd753a52f6d70bf3ca5f3
https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=dbfb7f44aa905a7103bdde9a198c1e9b0f480c2e
https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120/diffs?commit_id=df0acab3a077bd8ae015e3e8b4c71ff31b5900fe
https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E/
https://security.gentoo.org/glsa/202011-05
https://ubuntu.com/security/notices/USN-4447-1
https://usn.ubuntu.com/4447-1/
https://www.oracle.com/security-alerts/cpuapr2022.html
1862456 https://bugzilla.redhat.com/show_bug.cgi?id=1862456
966560 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966560
cpe:2.3:a:libssh:libssh:0.9.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libssh:libssh:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVE-2020-16135 https://nvd.nist.gov/vuln/detail/CVE-2020-16135
RHSA-2021:4387 https://access.redhat.com/errata/RHSA-2021:4387
RHSA-2021:4750 https://access.redhat.com/errata/RHSA-2021:4750
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16135.json
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-16135
Exploitability (E): not specified in the vector; Access Vector (AV): network; Access Complexity (AC): medium; Authentication (Au): none; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): partial

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-16135
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.79016
EPSS Score 0.00595
Published At Nov. 23, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.