Lucene search

K
osvGoogleOSV:USN-6592-1
HistoryJan 22, 2024 - 1:05 p.m.

libssh vulnerabilities

2024-01-2213:05:30
Google
osv.dev
6
libssh
vulnerabilities
proxycommand
proxyjump
message digest
code injection
arbitrary code execution
remote attacker
sensitive information
crash
software
cve-2023-6004
cve-2023-6918

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.0%

It was discovered that libssh incorrectly handled the ProxyCommand and the
ProxyJump features. A remote attacker could possibly use this issue to
inject malicious code into the command of the features mentioned through
the hostname parameter. (CVE-2023-6004)

It was discovered that libssh incorrectly handled return codes when
performing message digest operations. A remote attacker could possibly use
this issue to cause libssh to crash, obtain sensitive information, or
execute arbitrary code. (CVE-2023-6918)

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.0%