Lucene search

[email protected]CVE-2023-3603

HistoryJul 21, 2023 - 8:15 p.m.

CVE-2023-3603

2023-07-2120:15:16

CWE-476

[email protected]

web.nvd.nist.gov

cve-2023

security

sftp

server

null dereference

memory allocation

dos

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

13.0%

JSON

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user’s sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.

Given this code is not in any released versions, no security releases have been issued.

CPENameOperatorVersion
libssh:libsshlibsshlt0.8.9
libssh:libsshlibssheq0.5.2
libssh:libsshlibssheq0.8.1
libssh:libsshlibssheq0.8.0
libssh:libsshlibssheq0.8.5
libssh:libsshlibssheq0.5.3
libssh:libsshlibssheq0.8.8
libssh:libsshlibssheq0.7.3
libssh:libsshlibssheq0.7.7
libssh:libsshlibssheq0.8.4

CPE	Name	Operator	Version
libssh:libssh	libssh	lt	0.8.9
libssh:libssh	libssh	eq	0.5.2
libssh:libssh	libssh	eq	0.8.1
libssh:libssh	libssh	eq	0.8.0
libssh:libssh	libssh	eq	0.8.5
libssh:libssh	libssh	eq	0.5.3
libssh:libssh	libssh	eq	0.8.8
libssh:libssh	libssh	eq	0.7.3
libssh:libssh	libssh	eq	0.7.7
libssh:libssh	libssh	eq	0.8.4