CVE-2020-1730: 
NixOS vulnerability analysis and mitigation

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. This vulnerability was discovered in early 2020 and was assigned CVE-2020-1730 (Libssh Advisory).

The vulnerability occurs when AES-CTR ciphers are used but don't get fully initialized, leading to a crash during cipher cleanup when closing the connection. The issue affects both client and server implementations using libssh. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (NVD, Libssh Advisory).

The primary impact of this vulnerability is on system availability. When successfully exploited, it can cause a denial of service condition by crashing either the client or server implementation of libssh. The vulnerability does not affect confidentiality or integrity of the system (NVD).

As a temporary workaround, administrators can disable AES-CTR ciphers. For server implementations, it is recommended to use a prefork model where each session runs in its own process to minimize the impact. The permanent fix is to upgrade to libssh version 0.8.9 or 0.9.4 or later, which contain patches addressing this vulnerability (Libssh Advisory, Red Hat Bugzilla).