Lucene search
GoogleOSV:CVE-2023-46445HistoryNov 14, 2023 - 3:15 a.m.
CVE-2023-46445
2023-11-1403:15:09
Google
osv.dev
13
asyncssh
extension info
man-in-the-middle
0.001 Low
EPSS
Percentile
32.2%
An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a “Rogue Extension Negotiation.”
References
packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
github.com/advisories/GHSA-cfc2-wr2v-gxm5
github.com/ronf/asyncssh/blob/develop/docs/changes.rst
github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE/
security.netapp.com/advisory/ntap-20231222-0001/
www.terrapin-attack.com
Related
osv
osv
PYSEC-2023-237
2023-11-14 03:15:00
AsyncSSH Rogue Extension Negotiation
2023-11-09 18:34:53
f5
f5
K000138576 : Python-asyncssh vulnerability CVE-2023-46445
2024-02-12 00:00:00
cvelist
cvelist
CVE-2023-46445
2023-11-14 00:00:00
nvd
nvd
CVE-2023-46445
2023-11-14 03:15:09
cve
cve
CVE-2023-46445
2023-11-14 03:15:09
ubuntucve
ubuntucve
CVE-2023-46445
2023-11-14 00:00:00
github
github
AsyncSSH Rogue Extension Negotiation
2023-11-09 18:34:53
veracode
veracode
Rogue Extension Negotiation
2023-11-10 09:21:10
prion
prion
Design/Logic Flaw
2023-11-14 03:15:00
debiancve
debiancve
CVE-2023-46445
2023-11-14 03:15:09
redhatcve
redhatcve
CVE-2023-46445
2023-11-17 18:51:51
fedora
fedora
[SECURITY] Fedora 39 Update: python-asyncssh-2.14.1-1.fc39
2023-11-26 01:56:03
nessus
nessus
Fedora 39 : python-asyncssh (2023-d2956318e4)
2023-11-25 00:00:00
openvas
openvas
Fedora: Security Advisory for python-asyncssh (FEDORA-2023-d2956318e4)
2023-11-26 00:00:00