Lucene search
GoogleOSV:PYSEC-2023-237HistoryNov 14, 2023 - 3:15 a.m.
PYSEC-2023-237
2023-11-1403:15:00
Google
osv.dev
1
asyncssh
vulnerability
extension info
rfc 8308
man-in-the-middle
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
32.2%
An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack.
Related
f5
f5
K000138576 : Python-asyncssh vulnerability CVE-2023-46445
2024-02-12 00:00:00
cvelist
cvelist
CVE-2023-46445
2023-11-14 00:00:00
nvd
nvd
CVE-2023-46445
2023-11-14 03:15:09
cve
cve
CVE-2023-46445
2023-11-14 03:15:09
ubuntucve
ubuntucve
CVE-2023-46445
2023-11-14 00:00:00
github
github
AsyncSSH Rogue Extension Negotiation
2023-11-09 18:34:53
veracode
veracode
Rogue Extension Negotiation
2023-11-10 09:21:10
prion
prion
Design/Logic Flaw
2023-11-14 03:15:00
debiancve
debiancve
CVE-2023-46445
2023-11-14 03:15:09
osv
osv
AsyncSSH Rogue Extension Negotiation
2023-11-09 18:34:53
CVE-2023-46445
2023-11-14 03:15:09
redhatcve
redhatcve
CVE-2023-46445
2023-11-17 18:51:51
fedora
fedora
[SECURITY] Fedora 39 Update: python-asyncssh-2.14.1-1.fc39
2023-11-26 01:56:03
nessus
nessus
Fedora 39 : python-asyncssh (2023-d2956318e4)
2023-11-25 00:00:00
openvas
openvas
Fedora: Security Advisory for python-asyncssh (FEDORA-2023-d2956318e4)
2023-11-26 00:00:00
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
32.2%
Related for OSV:PYSEC-2023-237