Lucene search

K
redhatRedHatRHSA-2024:0538
HistoryJan 29, 2024 - 8:02 a.m.

(RHSA-2024:0538) Moderate: libssh security update

2024-01-2908:02:58
access.redhat.com
23
libssh
security update
ssh protocol
algorithm guessing
authorization bypass
prefix truncation attack
cvss score
unix

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

7.3

Confidence

Low

EPSS

0.965

Percentile

99.6%

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

Security Fix(es):

  • libssh: NULL pointer dereference during rekeying with algorithm guessing (CVE-2023-1667)

  • libssh: authorization bypass in pki_verify_data_signature (CVE-2023-2283)

  • ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

7.3

Confidence

Low

EPSS

0.965

Percentile

99.6%