Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

Gentoo FoundationGLSA-202312-16

HistoryDec 28, 2023 - 12:00 a.m.

libssh: Multiple Vulnerabilities

Vulners
Gentoo
libssh: Multiple Vulnerabilities

2023-12-2800:00:00

Gentoo Foundation

security.gentoo.org

libssh

sshv2

protocol

vulnerabilities

cve

upgrade

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

Low

0.963 High

EPSS

Percentile

99.5%

JSON

Background

libssh is a multiplatform C library implementing the SSHv2 protocol on client and server side.

Description

Multiple vulnerabilities have been discovered in libssh. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All libssh users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-libs/libssh-0.10.6"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-libs/libssh< 0.10.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-libs/libssh	< 0.10.6	UNKNOWN

nessus 70

openvas 54

slackware 1

fedora 12

osv 12

debian 4

mageia 5

alpinelinux 1

ubuntucve 2

cgr 1

cve 1

prion 2

redhatcve 1

debiancve 1

wolfi 1

hackerone 1

veracode 3

nvd 1

cvelist 2

photon 1

ibm 6

paloalto 1

rosalinux 1

cbl_mariner 5

redhat 2

freebsd 1

oraclelinux 2

amazon 1

ubuntu 1

almalinux 1

github 1

redos 1

nessus

GLSA-202312-16 : libssh: Multiple Vulnerabilities

2023-12-27 00:00:00

EulerOS 2.0 SP9 : libssh (EulerOS-SA-2024-1177)

2024-02-08 00:00:00

EulerOS Virtualization 2.11.0 : libssh (EulerOS-SA-2024-1628)

2024-05-15 00:00:00

openvas

Mageia: Security Advisory (MGASA-2023-0357)

2024-01-01 00:00:00

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1216)

2024-03-12 00:00:00

Fedora: Security Advisory for libssh (FEDORA-2023-55800423a8)

2024-01-18 00:00:00

slackware

[slackware-security] libssh

2023-12-19 21:31:02

fedora

[SECURITY] Fedora 39 Update: libssh-0.10.6-1.fc39

2023-12-22 02:44:21

[SECURITY] Fedora 38 Update: libssh-0.10.6-2.fc38

2024-01-10 01:52:52

[SECURITY] Fedora 39 Update: golang-x-crypto-0.18.0-1.fc39

2024-01-18 01:47:06

osv

libssh - security update

2023-12-28 00:00:00

CVE-2023-6004

2024-01-03 17:15:11

python-asyncssh - security update

2024-02-01 00:00:00

debian

[SECURITY] [DSA 5591-1] libssh security update

2023-12-28 14:27:16

[SECURITY] [DSA 5599-1] phpseclib security update

2024-01-12 07:13:27

[SECURITY] [DLA 3718-1] php-phpseclib security update

2024-01-25 02:26:07

mageia

Updated libssh packages fix security vulnerabilities

2023-12-29 20:16:34

Updated libssh2 packages fix a security vulnerability (Terrapin Attack)

2024-01-08 13:12:44

Updated filezilla packages fix a security vulnerability ("Terrapin attack")

2024-02-10 04:03:35

alpinelinux

CVE-2023-6004

2024-01-03 17:15:11

ubuntucve

CVE-2023-6004

2024-01-03 00:00:00

CVE-2023-48795

2023-12-18 00:00:00

cgr

CVE-2023-6004 vulnerabilities

2024-05-19 03:07:16

cve

CVE-2023-6004

2024-01-03 17:15:11

prion

Command injection

2024-01-03 17:15:00

Design/Logic Flaw

2023-12-18 16:15:00

redhatcve

CVE-2023-6004

2023-12-18 22:58:47

debiancve

CVE-2023-6004

2024-01-03 17:15:11

wolfi

CVE-2023-6004 vulnerabilities

2024-06-25 03:08:26

hackerone

Internet Bug Bounty: Command Injection using malicious hostname in expanded proxycommand

2023-12-20 22:05:47

veracode

Command Injection

2023-12-21 09:16:27

Rogue Session Attack (Terrapin)

2023-12-19 06:46:15

Prefix Truncation Attack (Terrapin Attack)

2023-12-19 09:12:16

nvd

CVE-2023-6004

2024-01-03 17:15:11

cvelist

CVE-2023-6004 Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

2024-01-03 17:01:38

CVE-2023-48795

2023-12-18 00:00:00

photon

Important Photon OS Security Update - PHSA-2024-3.0-0712

2024-01-12 00:00:00

ibm

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a machine-in-the-middle attack CVE-2023-48795

2024-03-11 14:52:33

Security Bulletin: IBM DataPower Gateway vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)

2024-05-14 15:04:31

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to machine-in-the-middle due to golang.org/x/crypto ( CVE-2023-48795 )

2024-04-11 21:32:41

paloalto

Impact of Terrapin SSH Attack

2024-01-09 01:30:00

rosalinux

Advisory ROSA-SA-2024-2382

2024-03-26 11:47:18

cbl_mariner

CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1

2024-06-25 03:09:55

CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2

2024-06-25 03:09:55

CVE-2023-48795 affecting package erlang for versions less than 25.2-2

2024-02-25 03:00:06

redhat

(RHSA-2024:0628) Moderate: libssh security update

2024-01-31 08:17:03

(RHSA-2024:2768) Moderate: Red Hat OpenStack Platform 17.1 (python-paramiko) security update

2024-05-22 20:34:42

freebsd

putty -- add protocol extension against 'Terrapin attack'

2023-10-16 00:00:00

oraclelinux

openssh security update

2024-02-13 00:00:00

openssh security update

2024-03-19 00:00:00

amazon

Medium: openssh

2023-12-18 09:20:00

ubuntu

Paramiko vulnerability

2024-01-25 00:00:00

almalinux

Moderate: libssh security update

2024-01-31 00:00:00

github

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

2023-12-18 19:22:09

redos

ROS-20240409-04

2024-04-09 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

Low

0.963 High

EPSS

Percentile

99.5%

JSON

Related for GLSA-202312-16